Before deciding to implement IPsec remote access VPNs, it is important to understand their advantages and disadvantages, as well as how they compare to other types of remote access VPN.
Some of the main advantages and disadvantages of IPsec remote access VPNs are as follows:
The precise level of security offered by IPsec depends on a number of factors, including the type of Internet Key Exchange (IKE) phase 1 negotiation (main or aggressive mode), the type of IKE phase 1 authentication, the form of any preshared keys, the types and levels of security associated with any Public Key Infrastructure (PKI), the type of user authentication, the type (and key lengths) of encryption and hashing algorithms, whether Perfect Forward Secrecy (PFS) is used, and the duration of security association (SA) lifetimes.
L2TP/IPsec (RFC 3193) and SSL remote access VPNs offer similar security to IPsec remote access VPNs.
L2TP/IPsec remote access VPNs, on the other hand, rely on industry (IETF) standards.
Secure Sockets Layer (SSL) versions 2 and 3 are de facto standards, and Transport Layer Security (TLS) is an industry (IETF) standard.
Operating systems such as Windows 2000, Windows XP, and MacOS X include an L2TP/IPsec remote access VPN client by default.
Clientless SSL remote access VPNs do not require the installation of specific VPN client software.
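The factors listed above that determine the level of security IPsec provides (IKE phase 1 mode and authentication, the form of preshared keys, algorithms, PFS, and SA lifetimes) can be checked mechanically in a device configuration. The following Python code is an added example, not part of the original text: it audits two constructed Cisco IOS-style configurations, and the thresholds it uses for weak algorithms, Diffie-Hellman groups, and lifetimes are assumptions of the example.

```python
import re
# Constructed configs in Cisco IOS-style syntax; names, keys and addresses are made up.
WEAK = """\
crypto isakmp policy 10
 encryption des
 hash md5
 authentication pre-share
 group 1
 lifetime 86400
crypto isakmp key example-psk address 0.0.0.0 0.0.0.0
crypto isakmp peer address 192.0.2.10
 set aggressive-mode password example-psk
crypto map RA 10 ipsec-isakmp
 set transform-set TS
"""
HARDENED = """\
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication rsa-sig
 group 14
 lifetime 28800
crypto map RA 10 ipsec-isakmp
 set transform-set TS
 set pfs group14
"""
# (pattern, finding) pairs; what counts as weak is this example's assumption.
RULES = [
    (r"^\s*encryption (des|3des)\b", "weak encryption: {0}"),
    (r"^\s*hash md5\b", "weak hash: md5"),
    (r"^\s*authentication pre-share\b",
     "preshared-key authentication (strength depends on the key)"),
    (r"^\s*group (1|2|5)\b", "DH group {0} is below 2048 bits"),
    (r"^crypto isakmp key \S+ address 0\.0\.0\.0", "wildcard preshared key"),
    (r"^\s*set aggressive-mode\b", "IKE aggressive mode enabled"),
]

def audit(config, max_lifetime=28800):
    # Return a list of findings for one configuration text.
    findings = []
    for line in config.splitlines():
        for pattern, msg in RULES:
            if (m := re.search(pattern, line)):
                findings.append(msg.format(*m.groups()))
        m = re.match(r"\s*lifetime (\d+)", line)
        if m and int(m.group(1)) > max_lifetime:
            findings.append(f"SA lifetime {m.group(1)}s exceeds {max_lifetime}s")
    # PFS is set per crypto map entry, so check each top-level block.
    for block in re.split(r"(?m)^(?=crypto )", config):
        if block.startswith("crypto map") and "set pfs" not in block:
            findings.append("no PFS on " + block.splitlines()[0])
    return findings
```

Calling `audit(WEAK)` returns one finding per factor; `audit(HARDENED)` returns an empty list.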