IP VPN v IPSec
0845 058 9000 Zen IP VPN (Internet Protocol Virtual Private Network) offers the same level of security as legacy Frame Relay and ATM private networks but at a fraction of the cost. It offers significant performance benefits over internet based IPSec VPNs as no complex tunnels need to be created and managed between sites.
Unlike IPSec VPN's data passing between sites in an IP VPN does not need to be encapsulated improving speed of information transfer and reducing overall bandwidth requirements. Sites within the IP VPN are also more secure as they cannot be accessed directly from the public internet offering a significant increase in security when compared to IPSec VPN.
Zen IP VPN also offers much better scalability as sites can be added within standard provisioning times without reconfiguration of CPE at existing sites and complex configuration of new CPE offering operational cost savings. Traffic engineering within the core network also ensures priority of critical traffic between sites with 24/7 network monitoring in place to ensure maximum reliability.
A comparison of the two VPN technologies is illustrated below:
| | IP VPN | IPSec VPN |
|---|
| Topology | Virtual mesh topology. | Mainly hub-and-spoke. Mesh topology complex to implement and manage. |
|---|
| Authenticating Users | Only specific circuits can access the IP VPN. | Authenticates through digital certificate or pre-shared key. |
|---|
| Confidentiality | Inter-site traffic completely separated from public traffic. Offers same level of security as Frame Relay or ATM networks. | Uses a flexible suite of encryption and tunneling mechanisms to transfer data over public Internet. |
|---|
| QoS | Guranteed QoS within network including traffic-engineering capabilities. | Limited QoS features. No guaranteed performance. |
|---|
| Scalability | Highly scalable because no site-to-site peering is required. Sites easily added and removed without complex configurations. Capable of supporting thousands of locations. | Scalability becomes challenging for a large, fully meshed IPSec VPN deployment. Will require detailled planning and coordination. |
|---|
| Management | WAN managed by Zen. No complex configurations to manage. Network reporting features and technical support ensure performance of network. | Site to site tunnels require complex configuration and management. |
|---|
| Remote access | Yes, can include remote workers as part of IP VPN or connect into IP VPN via firewall using IPSec, PPTP and SSL VPN. | Yes, IPSec client required for remote workers. |
|---|
| Provisioning | Requires one-time provisioning to enable the site to become a member of the IP VPN. | IPSec tunnels require configuration to connect each new site. |
|---|
| VPN client | Clients are not required because IP VPN is a network-based VPN service. | A client is required for each mobile device but not for LAN to LAN VPNs. |
|---|
| Performance | Data transmitted in its raw form enabling fast packet delivery. | Overhead introduced from encryption - in terms of additional data in encapsulation and processing. |
|---|
| Pricing | No expensive on-site firewalling. Network managed by Zen freeing up IT resources. | Inexpensive on small scale. Expensive to scale as firewall required at each location with additional costs associated with configuring and managing IPSec tunnels. |
|---|