IpSec or SSL on IIS

The title may be confusing but that sums up my question. I am not sure when I should use SSL of IPSec when transfering/connecting to a webserver. Is it a rule of thumb to only use SSL when the WebServer is outside of your network and use IPSec when it is routable to you?

I have gotten most of the other topics down and I am sitting my exam 8-12-09 at 10am; and hoping for the best.



  • Options
    siniabhilashsiniabhilash Member Posts: 26 ■□□□□□□□□□

    IPSec VPN – Administrators that need to achieve site-to-site connectivity will be well served by IPSec VPN offerings. They were created to meet the challenge of how to provide employees around the world with secure “always on” connectivity that will enable them to access all of the corporate resources they need to achieve optimal productivity.
    SSL VPN – Administrators that need to allow teleworkers, mobile employees, contractors, offshore employees, business partners or customers access to certain corporate resources will be well served by SSL VPNs. SSL VPNs are designed to address the needs of diverse audiences that need secure access to administrator-specified corporate resources from anywhere and to change both the access methods and resources allowed as the users’ circumstances change. SSL VPNs can also be configured to check end-point security compliance and to either provision resources accordingly or to provide the end user with the means to remediate.

    Hence in your question accessing Web serves, if they are internal clients IPSEC will be the best option but if external clients, contracts and third party users are accessing SSL will be cost effective
    Sini Abhilash
    A+, N+, 270, 290, 291, 299 (MCSA)
  • Options
    sidsanderssidsanders Member Posts: 217 ■■■□□□□□□□
    may i ask you to clarify this more? as noted, ipsec is a vpn tech, ssl can be used for vpns, however is this what you are asking? in most shops internal access to a webserver requires no security, that is access via browser (http). ssl on a web server could be used for https, and if its required external, its probably required internal.

    so are you talking about securing web pages a web server serves or talking about how to grant remote access/control for someone to manage a web server be they internal users or external?
  • Options
    ElwoodBluesElwoodBlues Member Posts: 117
    Securing the internal machine's communications with an internal web server; which uses ssl for external clients transactions
  • Options
    blargoeblargoe Member Posts: 4,174 ■■■■■■■■■□
    I think he's referring to using IPSec policies in general to protect client/server communications internally and requiring IPSec on the server that is running IIS. In practice I don't think very many companies use IPSec for that purpose, in most circumstances. SSL is fine.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
Sign In or Register to comment.