Most IPsec VPNs will use custom software at each of the end points—the hub device and client. If you think about this for a bit then you will see that this process provides a high level of security. Each end point requires some type of setup steps, potentially adding more human intervention into the process.

The SSL VPN normally will not require any special client software. The overall security is the same as that of the IPsec solution. As far as setup goes, if the browser is up-to-date then the process is automatic.

Both IPsec and SSL VPNs can provide enterprise-level secure remote access. Both these technologies support a range of user authentication methods, including X.509 certificates. IPsec overall is more vulnerable to attack, unless certificates are used. SSL Web servers always authenticate with digital certificates, even in the one-way based authentication that native SSL uses. SSL will determine if the target server is certified by any of the CAs. SSL provides better flexibility in cases where trust is limited or where it is difficult (or unwise) to install user certificates (for example, on public computers)