SSL VPN Servers

From the "Guide to SSL VPN" document linked to above:

"An SSL VPN consists of one or more VPN devices to which users connect using their Web browsers. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol. This type of VPN may be referred to as either an SSL VPN or a TLS VPN. This guide uses the term SSL VPN. SSL VPNs provide remote users with access to Web applications and client/server applications, and connectivity to internal networks. Despite the popularity of SSL VPNs, they are not intended to replace Internet Protocol Security (IPsec) VPNs. The two VPN technologies are complementary and address separate network architectures and business needs. SSL VPNs offer versatility and ease of use because they use the SSL protocol, which is included with all standard Web browsers, so the client usually does not require configuration by the user. SSL VPNs offer granular control for a range of users on a variety of computers, accessing resources from many locations. There are two primary types of SSL VPNs:

* SSL Portal VPNs. This type of SSL VPN allows a user to use a single standard SSL connection to a Web site to securely access multiple network services. The site accessed is typically called a portal because it is a single page that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway, and is then presented with a Web page that acts as the portal to the other services.

* SSL Tunnel VPNs. This type of SSL VPN allows a user to use a typical Web browser to securely access multiple network services, including applications and protocols that are not web-based, through a tunnel that is running under SSL. SSL tunnel VPNs require that the Web browser be able to handle active content, which allows them to provide functionality that is not accessible to SSL portal VPNs. Examples of active content include Java, JavaScript, Active X, or Flash applications or plug-ins."

"The “tunnel” in an SSL tunnel VPN is both similar and quite different from the tunnels seen in typical IPsec VPNs. The two types of tunnels are similar in that almost all IP traffic is fully protected by the tunnel, giving the user full access to services on the network protected by the VPN gateway. The tunnels are quite different in that SSL/VPN tunnels are usually created in SSL using a non-standard tunneling method, while IPsec tunnels are created with methods described in the IPsec standard.
The tunneling in an SSL tunnel VPN allows a wide variety of protocols and applications to be run through it. For example, essentially any protocol that runs over TCP or UDP can be tunneled through such a gateway, making the remote user’s experience of the protected network very similar to being directly on the network. To the user, an SSL tunnel VPN may appear quite different from a typical Web site because the tunneling plug-in or application needs to be loaded into the user’s browser before the user can access the VPN. This might involve warning messages about the software being loaded, and it could also prevent users from entering the VPN if their Web browsers are instructed not to allow such programs to run. Because of the active content requirement, SSL tunnel VPNs may be accessible to fewer users than SSL portal VPNs."