A VPN can not only interconnect individual branches; it can also give a client access to resources located in an otherwise inaccessible part of the corporate network over HTTPS (HyperText Transfer Protocol Secure), that is, HTTP (HyperText Transfer Protocol) with SSL/TLS support. The client connects with a standard SSL/TLS-enabled web browser to the entry web page and enters his/her login information. If it is correct, a page of shared network resources becomes available. Every connection is secured by SSL/TLS.
SSL VPN also addresses some drawbacks of the classic IPsec VPN. IPsec VPN has problems passing through NAT. This can be worked around with the NAT-T mechanism, which consists of packing IPsec/ESP packets into UDP datagrams; however, this increases the protocol overhead. Another disadvantage is the need for special software on the client side in the case of remote access to the VPN. IPsec client implementations from different manufacturers may also not be mutually compatible, the tunnel may fail to be built because of security rules in foreign networks (e.g. filtering of outbound traffic, use of proxy servers), ...
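The NAT-T encapsulation mentioned above, as an added example that is not part of the original article: it wraps an ESP packet in a UDP header as specified in RFC 3948, shows how a receiver on port 4500 tells ESP, IKE and keepalive traffic apart, and measures the extra overhead. The SPI, sequence number and payload bytes are constructed sample values.

```python
import struct

NAT_T_PORT = 4500              # UDP port used for NAT-T (RFC 3948)
UDP_HEADER_LEN = 8             # bytes added in front of every ESP packet
NON_ESP_MARKER = b"\x00" * 4   # prefixes IKE messages that share port 4500
NAT_KEEPALIVE = b"\xff"        # one-byte payload that keeps the NAT mapping alive

def build_esp(spi, seq, ciphertext):
    """Minimal ESP packet: SPI, sequence number, opaque (constructed) payload."""
    if spi == 0:
        raise ValueError("SPI 0 would be mistaken for the non-ESP marker")
    return struct.pack("!II", spi, seq) + ciphertext

def udp_encapsulate(payload, sport=NAT_T_PORT, dport=NAT_T_PORT):
    """Prefix a UDP header; RFC 3948 sends the IPv4 checksum as zero."""
    length = UDP_HEADER_LEN + len(payload)
    return struct.pack("!HHHH", sport, dport, length, 0) + payload

def classify(datagram):
    """Receiver-side demultiplexing of one UDP datagram on port 4500."""
    if len(datagram) < UDP_HEADER_LEN:
        return "malformed"
    _, _, length, _ = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    body = datagram[UDP_HEADER_LEN:length]
    if body == NAT_KEEPALIVE:
        return "nat-keepalive"
    if len(body) < 4:
        return "malformed"
    if body[:4] == NON_ESP_MARKER:
        return "ike"
    if len(body) < 8:
        return "malformed"
    spi, seq = struct.unpack("!II", body[:8])
    return f"esp spi=0x{spi:08x} seq={seq}"

def overhead_percent(esp_len):
    """Extra bytes added by NAT-T relative to the bare ESP packet."""
    return 100.0 * UDP_HEADER_LEN / esp_len

if __name__ == "__main__":
    for size in (64, 512, 1400):                       # constructed payload sizes
        esp = build_esp(0x1000, 1, b"\xaa" * size)     # constructed SPI and payload
        wrapped = udp_encapsulate(esp)
        print(classify(wrapped), len(esp), "->", len(wrapped), "bytes,",
              f"+{overhead_percent(len(esp)):.2f}%")
    print(classify(udp_encapsulate(NON_ESP_MARKER + b"\x01" * 28)))
    print(classify(udp_encapsulate(NAT_KEEPALIVE)))
```

The fixed 8-byte cost matters most for small packets, where it is a noticeable fraction of the ESP packet.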
A number of these issues can be avoided by using SSL/TLS VPNs. This VPN access is referred to as SSL VPN or Clientless VPN because the user does not need special software to access VPNs; a common web browser with HTTPS support can be used.
The term SSL VPN is often used for a number of mutually incompatible technologies. However, they are all based on the same basic idea, which is the use of asymmetric cryptography and SSL/TLS libraries for secure communication. Nowadays, SSL/TLS technology is widely used for encrypted HTTPS access to web servers.
The goal of SSL VPN is to create a transparent encrypted tunnel based on SSL/TLS. Because SSL is present in common web browsers, it is not necessary to install any special client software on client computers to achieve most of the functionality offered. SSL VPN solutions also make use of small applications in the form of Java applets or ActiveX components. The range of premium features significantly influences the value of SSL VPN implementations from different manufacturers.
The basic functionality of SSL VPN is secure access to the company’s internal information resources. An encrypted SSL tunnel is created between the SSL VPN gateway and the web browser on the client computer. In this form, SSL VPN can serve very well as an easy-to-implement way to securely access the web portals of the company’s information systems over the Internet. Another common feature of SSL VPN solutions is the ability to access shared files over CIFS (Common Internet File System), used by newer versions of Windows, or NFS (Network File System).