What is SSL VPN?

A type of virtual private network (VPN) that can be used with a standard Web browser,

    Requires Free Membership to View

a Secure Sockets Layer virtual private network, or SSL VPN, does not require the installation of specialized client software on the end user's computer. In this way it is different from the traditional Internet Protocol Security (IPsec) VPN. An SSL VPN SSL VPN is designed to give remote users with access to Web applications, client/server applications and internal network connections.

There are two major types of SSL VPNs:

SSL Portal VPN: Allows for a single SSL connection to a website, allowing the end user to securely access multiple network services. This type of site is called a portal because it is one door (a single page) that leads to many other resources.

SSL Tunnel VPN: Allows a Web browser -- and therefore users -- to securely access multiple network services, including applications and protocols that are not Web-based. Access is provided through a tunnel running under SSL.

For more information, read the SSL VPN definition and find more resources from WhatIs.com.

A secure socket layer tutorial

If you use SSL, it's important that you have a basic understanding of the protocol's capabilities and its common uses. Read this quick primer to SSL, including what goes on "under the hood" of SSL. SSL has three basic functions that may be used independently or in combination to provide security to network-based communications. These SSL capabilities are:

  • Authenticating a server to a client

  • Encrypting communications between a client and server

  • Authenticating a client to a server

Comparing IPsec vs. SSL

IPsec VPNs are entrenched in many enterprises, but easier-to-use SSL VPNs could soon be just as popular.

Internet Protocol security (IPsec) VPNs have been dominant for a number of years. The technology works at OSI Layer 3 to create a "tunnel" into the network, so that as devices log on, they act as if they are physically attached to the LAN.

Secure Socket Layer (SSL) VPNs work at Layer 4, the application layer. Users access individual applications via a Web browser. Administrators can determine access by application, rather than providing access to the entire network.

Read about IPsec vs. SSL and expert views on choosing between IPsec and SSL.

Learn more with these SSL VPN resources:

  • SSL VPNs: Great for basic access but not for power users

  • SSL VPNs: Five popular products compared

  • The promise of application-aware SSL VPNs

  • Choose the best SSL product for remote access

  • Client-side security considerations for SSL VPNs

  • SSL VPN usage on the rise

    Advice from our VPN expert, Lisa Phifer:

    One reader asked, "Can you point me toward some good additional resources on SSL VPNs?"

    Lisa's answer: SSL, and its IETF standard sibling, TLS, are well-documented in RFCs and books:

    • Rescorla, Eric, SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2000, ISBN 0201615983

    • Thomas, Stephen, SSL & TLS Essentials: Securing the Web, Wiley & Sons, 2000, ISBN 0471383546

    • Dierks and Allen, TLS Protocol v1.0, 1999, RFC 2246

    >> Read the rest of Lisa's answer on SSL VPNs and find links to related resources.

    >> Browse more Q/As or submit your own SSL VPN or general networking question.

    This was first published in February 2010

  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: