5. Intrinsic limitations of SSL VPNs
SSL VPNs can provide services equivalent to IPsec using a fat client. However, the SSL protocol, based on TCP, cannot lose packets. At first glance, this may appear to be an advantage, but some real-time applications such as voice are designed to be able to lose packets in order to limit latency (network transmission delay) and jitter (latency variation). SSL therefore poses quality of service problems for certain applications.
To circumvent this problem, some gateways incorporate a mechanism that attempts to set up an IPsec tunnel and then falls back on an SSL tunnel in the event of failure. Another alternative could be the DTLS protocol
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Intrinsic limitations of SSL VPNs
Summary and conclusion
The Ultimate Scientific and Technical Reference
