Explanation/Reference:
Section: Enterprise Network Design Explanation
Explanation:
Secure Sockets Layer (SSL) virtual private networks (VPNs) do not require a preinstalled VPN client. To connect to internal network resources over an SSL VPN, a user must connect to an SSL VPN device by using a web browser. After a user provides valid authentication credentials to the SSL VPN device, an encrypted connection is established and the user is granted access to network resources.
SSL VPNs are encrypted, but so are IP Security (IPSec) VPNs. SSL VPNs use Transport Layer Security (TLS) for encryption. IPSec VPNs use Encapsulating Security Payload (ESP) for encryption.
SSL VPNs are authenticated, but so are IPSec VPNs. SSL VPNs can be configured to use a variety of authentication mechanisms, including local authentication and Remote Authentication Dial-In User Service (RADIUS) authentication. IPSec VPNs can also use a variety of authentication mechanisms, including Kerberos, preshared keys (PSKs), and digital certificates.
SSL VPNs do not provide direct access to the network? however, they do provide access to network resources. By contrast, IPSec VPNs do provide direct network access. The primary concern with both SSL VPNs and IPSec VPNs is the lack of administrative control over desktop computers that connect to the network. A user who has installed the proper VPN client software or knows the IP address of an SSL VPN server can authenticate and connect from any computer, including those that do not fully comply with company policies. For example, if a user were to connect from a computer that does not have adequate antivirus or firewall protection, the network could be exposed to any malware threats that exist on the computer.
Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, VPN Benefits, p. 263
Cisco: Virtual Private Network (VPN)