* IPSec works on Layer 3 (Network Layer) of the OSI model.
* Since it works on the Network Layer, it secures all data that travels between two endpoints without an association to any specific application.
* Once the connection is established, the person is virtually connected to the entire respective network and can access all of it.
* It defines how to provide data integrity, authenticity and confidentiality over an insecure network such as the Internet.
* It achieves this through tunneling, encryption and authentication.
* It is complex because the two entities that communicate via IPSec have to agree on the same security policies, which must be configured on the devices at both ends.
* A single IPSec tunnel secures all communication between the devices regardless of traffic type: TCP, UDP, ICMP, etc., or any application such as e-mail, client-server or database.
* SSL works on Layer 7 (Application Layer) of the OSI model.
* It is a protocol used for secure web-based communication over the Internet.
* It uses encryption and authentication to keep communications private between two devices, typically a web server and a user's machine.
* Like IPSec, SSL also provides flexibility in the level of security.
* Unlike IPSec, SSL secures one application at a time, and each application is supported via a web browser.
* All basic web browsers such as IE or Mozilla support SSL by default. However, not all applications support it, so they require upgrading, which is very costly.
* This problem can be resolved by purchasing an SSL VPN gateway, which is deployed at the edge of the corporate network and serves as a proxy to LAN applications such as e-mail, file servers and other resources.
* The browser thinks it is communicating directly with the application, and the application thinks it is communicating directly with the browser. The SSL VPN makes this transparent to either side of the network.
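
The IPSec point above, that both ends must be configured with the same security policies, shown as an added example (not part of the original page): a simplified Python model of how an IKEv2-style responder picks one of the initiator's proposals, and what a mismatch looks like. The function name, the policy layout and the algorithm lists are constructed for illustration.

```python
# Added example: simplified model of IKEv2-style proposal matching between
# two IPsec peers. All policy contents below are constructed sample values.

TRANSFORM_TYPES = ("encryption", "integrity", "dh_group")

def negotiate(initiator_proposals, responder_policy):
    """Return (chosen_suite, None) on success or (None, diagnostics) on failure.

    The initiator offers proposals in order of preference. The responder
    accepts the first proposal for which it supports at least one algorithm
    of every transform type. With no match, a real responder answers
    NO_PROPOSAL_CHOSEN and the tunnel never comes up.
    """
    diagnostics = []
    for index, proposal in enumerate(initiator_proposals, start=1):
        chosen, missing = {}, []
        for ttype in TRANSFORM_TYPES:
            offered = proposal.get(ttype, [])
            accepted = responder_policy.get(ttype, [])
            common = [alg for alg in offered if alg in accepted]
            if common:
                chosen[ttype] = common[0]  # first algorithm both sides allow
            else:
                missing.append(f"{ttype}: offered {offered}, peer accepts {accepted}")
        if not missing:
            return chosen, None
        diagnostics.append(f"proposal {index} rejected ({'; '.join(missing)})")
    return None, diagnostics

# Constructed policies: site A initiates, site B responds.
SITE_A = [
    {"encryption": ["aes256"], "integrity": ["sha384"], "dh_group": ["ecp384"]},
    {"encryption": ["aes256", "aes128"], "integrity": ["sha256"], "dh_group": ["modp2048"]},
]
SITE_B_OK = {"encryption": ["aes128", "aes256"], "integrity": ["sha256"],
             "dh_group": ["modp2048", "ecp256"]}
# Same as SITE_B_OK except for the DH group list: one differing field is enough.
SITE_B_BAD = {"encryption": ["aes256"], "integrity": ["sha256"], "dh_group": ["ecp256"]}

if __name__ == "__main__":
    for label, policy in (("matching", SITE_B_OK), ("mismatched", SITE_B_BAD)):
        suite, problems = negotiate(SITE_A, policy)
        print(label, "->", suite if suite else "NO_PROPOSAL_CHOSEN")
        for line in problems or []:
            print("   ", line)
```

Running the same comparison over both peers' configured proposals before a change window shows which transform type blocks the tunnel, instead of discovering it from a failed negotiation.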