Ask the Expert

What are the benefits of a tunnelless VPN?

Does it matter if a VPN is "tunnel-less?" How does a tunnelless VPN work, and are there any security risks?

    Requires Free Membership to View

There are two main technologies used to implement tunnelless VPNs: Secure Sockets Layer (SSL) and Group Encrypted Transport (GET).

Of the two technologies, you're more likely to encounter SSL-based VPNs on today's networks, only because GET is a relatively new technology. SSL-based VPNs offer remote users secure access to internal applications without the use of an IPsec VPN client. SSL VPNs are most commonly used to share Web applications. In this case, users connect to the SSL VPN, authenticate and then gain access to selected applications though the VPN server, which acts as a proxy. Generally, this setup is more secure than that of an IPsec VPN, as it allows you to strictly control a user's access without granting direct contact to the underlying network. Many SSL VPNs also offer the download of a browser-based client that allows more extensive access to the protected network, including the use of client/server applications. In this case, the security risks are the same as an IPsec-based VPN.

Group Encrypted Transport (GET) is a relatively new technology that's proprietary to Cisco Systems Inc. Networks running GET encrypt the payload portion of a packet only, allowing the address information to remain unencrypted. This provides enhanced networking functionality, permitting the use of quality of service (QoS) to prioritize encrypted traffic. However, GET also exposes VPN users to the risk of traffic analysis, as eavesdroppers may be able to determine their usage patterns from the unencrypted portion of the packet. For more details on GET, you may wish to read more about the recent debut of Cisco's tunnelless GET VPN technology on our sister site, SearchNetworkingChannel.com.

More information:

  • Learn the difference between IPsec and other tunneling protocols.
  • Use an SSL VPN to limit users' acess to applications and network resources.

This was first published in March 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: