05-09-2012 04:59 AM
05-09-2012 06:05 AM
It's not possible on Cisco devices. SSL VPN is purely a remote access technology.
What's the reason behind asking - IPsec should be good enough for this scenario.
05-09-2012 06:19 AM
SSL has lower overhead.
05-09-2012 06:46 AM
In which sense?
IPsec-related calculations should be done by the hardware engines each ISR/ASR router has built in (unlike most SSL clients).
Packet overhead - how much will you gain? (Literature?)
M.
05-09-2012 07:31 AM
About IPSec VPN overhead for IPv4, please check
Comparing, Designing, and Deploying VPNs
Chapter 7. Scaling and Optimizing IPsec VPNs
MTU and Fragmentation Considerations in an IPsec VPN
shows the overhead added when using AH and/or ESP (in tunnel and transport modes) and a variety of cryptographic algorithms to a user packet size of 1500 bytes sent over an IPsec or GRE/IPsec VPN tunnel.
http://www.ciscopress.com/bookstore/product.asp?isbn=1587051796
05-09-2012 07:45 AM
My understanding is that IPSEC uses 50-57 whereas SSL only adds 5.
05-09-2012 11:14 PM
Hey Martin,
Let me try to answer your question completely.
1. Overhead standpoint
SSL indeed has a header of 5 bytes. However it's not only that.
----> In fact, SSL and IPSEC overhead are very comparable....
2. Security:
From a security standpoint, IPSEC is better suited than SSL/TLS.
So, in other words, if someone gets access to the RSA private key [ most likely if you get physical access to the device ], then the encrypted traffic can be easily decrypted [ offline - instantaneous].
I hope this answers your initial question.
Olivier
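The overhead comparison discussed in this thread, worked through as an added example that is not part of any poster's reply. It counts the bytes ESP tunnel mode adds to one inner packet and the bytes one TLS CBC record adds when the tunnel runs over TCP/IPv4. The cipher choices (3DES-CBC with HMAC-SHA1 by default), option-free IPv4/TCP headers, and the function names are assumptions; VPN-product framing inside the TLS tunnel is not counted.

```python
# Added example: per-packet byte overhead, ESP tunnel mode vs. one TLS record.
# Assumptions (not from the thread): IPv4/TCP headers without options,
# CBC ciphers with HMAC-SHA1, one inner packet per ESP packet / TLS record.

IPV4_HDR = 20
TCP_HDR = 20

def esp_tunnel_overhead(inner_len, block=8, iv=8, icv=12):
    """Bytes added to an inner IP packet by ESP in tunnel mode (RFC 4303)."""
    # payload + padding + pad-length(1) + next-header(1) must fill whole blocks
    pad = -(inner_len + 2) % block
    esp_header = 4 + 4              # SPI + sequence number
    trailer = pad + 2 + icv         # padding, pad length, next header, ICV
    return IPV4_HDR + esp_header + iv + trailer

def tls_record_overhead(inner_len, block=8, mac=20, explicit_iv=0, transport=True):
    """Bytes added when one inner packet is carried in one TLS CBC record."""
    # MAC-then-encrypt: data + MAC + padding, where padding is always
    # 1..block bytes because its last byte holds the padding length.
    pad = block - (inner_len + mac) % block
    record = 5 + explicit_iv + mac + pad   # the 5-byte header is only one part
    # A TLS tunnel also pays for the outer IPv4 and TCP headers.
    return record + (IPV4_HDR + TCP_HDR if transport else 0)

def overhead_range(fn, sizes=range(64, 1401), **kw):
    """(min, max) overhead over a range of inner packet sizes."""
    values = [fn(n, **kw) for n in sizes]
    return min(values), max(values)

if __name__ == "__main__":
    print("ESP tunnel, 3DES/SHA1-96 :", overhead_range(esp_tunnel_overhead))
    print("ESP tunnel, AES/SHA1-96  :",
          overhead_range(esp_tunnel_overhead, block=16, iv=16))
    print("TLS 1.0 record only      :",
          overhead_range(tls_record_overhead, transport=False))
    print("TLS 1.0 incl. TCP/IPv4   :", overhead_range(tls_record_overhead))
    print("TLS 1.1+ AES incl. TCP/IP:",
          overhead_range(tls_record_overhead, block=16, explicit_iv=16))
```

Under these assumptions the 5-byte record header is a small share of the TLS cost: the MAC, CBC padding and the outer TCP/IPv4 headers bring the total into the same range as ESP tunnel mode.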