cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
869
Views
5
Helpful
10
Replies

ipsec or ssl vpn

suthomas1
Level 6
Level 6

out of ipsec and ssl , which vpn is better when thinking about speed, as vpn is known to be slow responsive.

Thanks.

1 Accepted Solution

Accepted Solutions
10 Replies 10

athukral
Level 1
Level 1

Well both have there own pros and cons....

Could you please elaborate what kind of functionality you are looking for?

BTW , ipsec is easy to implement, manage and more user friendly, plus much easy to troubleshoot, but there are couple of features that can not be implement in ipsec and hence we need ssl that ways.... Please let me know your exact requirement.

Thanks

Ankur

this user group needs remote connection to be established for external parties on a different region to the HQ. The end application at HQ is sort of heavy in terms of usage as it has graphic contents. Users at remote sites are greater than 13 in no.


vpn was selected to keep cost low and use existing infrastructure.

Please let me know if this is still insufficient info.

Thanks.

athukral
Level 1
Level 1

Thanks for the reply!

well cisco IPSEC remote vpn client setup will be good for you....easy to deploy and performance will be nice too.....lemme know in case u need the help with deployment , i will help you out with that..

Once decide then lemme know and i can help with implementation part of it...depending on the device you will use.

PS: Its late night here, i will reply to ur next post tommorow.

Appreciate your time.

Thanks

Ankur

Thanks Ankur for your kind help.

I will let you know for help when implementation starts for ipsec.

Thanks again.

Thanks for the reply!

My pleasure!

Appreciate your time.

for routes when configuring vpn, remote lan network is identified by putting route to my next hop ( internet ). is that wrong

also, i have heard many configure ipsec by creating tunnel. is it necessary that way.

if we just configure it with basic parameters and apply to main interface, should it be ok.

Thanks.

I have 2 asa's on which ipsec is being configured. asa-2 is also used as another application firewall.temporary ipsec configuration is done on asa-2 to check its working with asa-1.

out of some restrictions, we cant connect any test machine on asa-2 physically for this. If we were to do a ping from asa-2 to asa-1's lan interface ip, will it respond via ipsec.

this is to test ipsec connectivity before further production cuts.

thank you.

Thanks for the question!!

Well yes you can ping the ASA 1 lan side interface  by configuring the following command on ASA 1

From configuration prompt, pls  put the following command----

management-access

Thanks

Ankur

thank you for replying.

I see now, so i can indeed test ipsec connection being established by icmp between lan interface ip's of each asa & i should be able to see ipsec tunnel up status.

so i can use management-access inside , if inside is used for defining lan.

Yes correct

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: