Pros and cons of remote access with Sophos OpenVPN client vs. IPSec?

I set up VPN client access to the UTM with Sophos OpenVPN and generally it works well.  I see there is a straight IPSec mechanism as well, where on Windows for example you'd configure an IPSec VPN connection natively in the OS without downloading a client.  Perhaps it's similar on OS X.

What are pros and cons of one approach vs. the other?  Again this is client VPN.


  • BAlfson - Interesting.  Why do some places in Europe block IPSec for home users?  What is the logic?

    Re: your comment about the L2TP/IPSec mode of the Windows client - I hadn't realized that the UTM portal had its own IPSec client download until Jeff mentioned it.


    I've been in certain hotels and establishments in the U.S. that block IPSEC as well.  That's why I have both SSL and IPSEC clients available.

    IPSEC is faster... SSL is easier to set up.  You can greatly increase the speed of the SSL VPN by switching it to UDP instead of TCP for the connection, but some firewalls will block UDP on port 443.

    Btill, I had a medical practice that had users complaining of slow speeds via TCP 443 and the SSL VPN (I joke that's because the NSA is capturing the traffic, LOL), and they saw a phenomenal increase in speed when we went to UDP.  The majority of the transcriptionists that used that connection were home users that had home routers that allowed all outbound.  The few corporate types that had properly locked-down firewalls on their end had to have their IT / Security staff open up UDP 443.  That's the only side-effect of switching to UDP.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • Additionally, while the IPSEC Client is freely downloadable, it's an additional cost item to use beyond the trial period; your VAR/Reseller can get you pricing on that.  Frankly, except for power users that may need two VPN connections at once to different sites or the extra speed afforded IPSEC connections, the SSL VPN works fine and is easier to administer and deploy (and cheaper, the client is free).

