
Nilesh's Weblog


IPSec Dead?

January 18, 2006 10:20 AM


I usually take Gartner's 'prophecies', 'surveys' and 'magic quadrants' with huge dollops of salt. They are good for using as quotes in presentations to scare the gullible, but reality is mostly otherwise. I did so again when I read their report on the IPSec protocol.

The first fallacy in their statement is the 'younger technological rival' part -- SSL encryption technology is the granddaddy of IPSec, not the other way around. But yes, SSL VPNs are newer than IPSec VPNs. They are more of an afterthought than a ground-up design. VPNs have existed in many forms. You had MS PPTP VPNs, L2TP VPNs and even unencrypted simple IP over TCP virtual networks. IPSec was considered the strongest.

Secondly, SSL VPNs are not a replacement for IPSec VPNs. They are convenient for most people, which is why they are increasingly used. You don't have to install any client software. All you need is a web browser to initiate an SSL VPN connection. They will succeed over IPSec VPNs in most remote applications. But IPSec will still be around for network-to-network VPNs.

Thirdly, IPSec is an integral part of IPv6. So is Gartner suggesting that IPv6 will be dead? :-) In fact, I predict that when IPv6 becomes widespread, it will be easier to use IPSec than SSL, because SSL is more of an IPv4 technology and using it as a VPN will mean more overhead for applications in the future.



Comments


1. Tushar said...

IPSec, as you said, is fine for infrastructure needs. It probably won't go away, and with IPv6, it will become part of a layer that we don't normally think that much about. The reasons for SSL VPNs catching on are simply because they do enough, easily. I'm all for it.

(This also may be the result of the fact that I never quite got an IPSec tunnel to work on Linux :)

on Jan 19, 02:01 PM


2. Nilesh said...

The overheads of IPsec will reduce with IPv6 in use. So it will definitely pick up more use.

I too wasn't comfortable with IPsec and Linux. But on OpenBSD, it used to be a breeze. I clocked one-hour FW/VPN setups on OBSD at one point of time.

on Jan 20, 04:05 PM


3. codey said...

Gartner reports are nothing but corporate porn, the kinds that CEOs, CFOs and CTOs love to ogle at with glee while sitting on the pot.

In all the meetings that I've attended, the funny thing I see about its usage is that they are never used in internal proposals, but when you have to make a pitch to an outside firm or when an outside firm makes a pitch to you, the PPTs have like a zillion tables and pie charts citing the big G.

on Jan 22, 02:51 PM


4. Ambar said...

>> You don't have to install any client software. All you need is a web browser to initiate an SSL VPN connection.

Nope. Most of these SSL VPNs do install client s/w via the browser.

on May 12, 07:43 AM


5. Amol Hatwar said...

You are right. Sometimes, Gartner is all FUD.

on Jun 5, 07:48 PM



© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)