vpn or ssl for b2b web app

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


My question is this: I have a b2b web services application, and i'm
adding my first client.  My original plan was to put the application on
the internet, have the client access it through https, and lock it down
to the client's IP address in our firewall.  Our client however, has
strongly suggested using VPN instead to connect our organizations. What
are the pros and cons of each? I've read a bit on the internet and see
that vpn's w/ipsec are maybe more secure (at a lower level in the
stack) but they also open up more access that I need to lock down.  Are
there performance differences? Our ssl is done with hardware so it
seems plenty fast.

Any insight greatly appreciated. Hopefully i'm making enough sense
here; i'm not a systems guy...

Site Timeline