Manage Learn to apply best practices and optimize your operations.

SSL VPN tutorial

Some companies see SSL VPNs as a simpler, cheaper way to provide remote access to corporate data. Find out about SSL VPN usage, compare IPsec vs. SSL and decide what's right for your network in this SSL VPN tutorial.

What is SSL VPN?

A type of virtual private network (VPN) that can be used with a standard Web browser, a Secure Sockets Layer virtual private network, or SSL VPN, does not require the installation of specialized client software on the end user's computer. In this way it is different from the traditional Internet Protocol Security (IPsec) VPN. An SSL VPN is designed to give remote users with access to Web applications, client/server applications and internal network connections.

There are two major types of SSL VPNs:

SSL Portal VPN: Allows for a single SSL connection to a website, allowing the end user to securely access multiple network services. This type of site is called a portal because it is one door (a single page) that leads to many other resources.

SSL Tunnel VPN: Allows a Web browser -- and therefore users -- to securely access multiple network services, including applications and protocols that are not Web-based. Access is provided through a tunnel running under SSL.

For more information, read the SSL VPN definition and find more resources from

A secure socket layer tutorial

If you use SSL, it's important that you have a basic understanding of the protocol's capabilities and its common uses. Read this quick primer to SSL, including what goes on "under the hood" of SSL. SSL has three basic functions that may be used independently or in combination to provide security to network-based communications. These SSL capabilities are:

  • Authenticating a server to a client
  • Encrypting communications between a client and server
  • Authenticating a client to a server

Comparing IPsec vs. SSL

IPsec VPNs are entrenched in many enterprises, but easier-to-use SSL VPNs could soon be just as popular.

Internet Protocol security (IPsec) VPNs have been dominant for a number of years. The technology works at OSI Layer 3 to create a "tunnel" into the network, so that as devices log on, they act as if they are physically attached to the LAN.

Secure Socket Layer (SSL) VPNs work at Layer 4, the application layer. Users access individual applications via a Web browser. Administrators can determine access by application, rather than providing access to the entire network.

Read about IPsec vs. SSL and expert views on choosing between IPsec and SSL.

Learn more with these SSL VPN resources: 

  • SSL VPNs: Great for basic access but not for power users
  • SSL VPNs: Five popular products compared
  • The promise of application-aware SSL VPNs
  • Choose the best SSL product for remote access
  • Client-side security considerations for SSL VPNs
  • SSL VPN usage on the rise

Advice from our VPN expert, Lisa Phifer: 

One reader asked, "Can you point me toward some good additional resources on SSL VPNs?"

Lisa's answer: SSL, and its IETF standard sibling, TLS, are well-documented in RFCs and books:

• Rescorla, Eric, SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2000, ISBN 0201615983

• Thomas, Stephen, SSL & TLS Essentials: Securing the Web, Wiley & Sons, 2000, ISBN 0471383546

• Dierks and Allen, TLS Protocol v1.0, 1999, RFC 2246

>> Read the rest of Lisa's answer on SSL VPNs and find links to related resources.

>> Browse more Q/As or submit your own SSL VPN or general networking question.

This was last published in February 2010

Dig Deeper on Network Security Best Practices and Products