ESP is normally used by most - because of the performance factor.

However, if you have your ISP blocking UDP 4500, then you need to think of SSL which is more of a compatibility reason why you use this.

Hope the above helps.

By default, Juniper VPN client supports SSL fallback.

So, when a VPN client tries to establish a ESP tunnel, if there is anything which is blocking the ESP traffic, then the client auto-fallsback to SSL for compatibility seamlessly and the client is normally enabled to connect.

However, suggestion is - on the SA - Try to set the default connection as ESP.

Please go to

http://kb.pulsesecure.net

and search for KB8569 for more detail on this.

If the above have answered your query completely, please accept solution and close this thread.

and when we said ESP is more faster than SSL transport configuration, is-it only when the connexion is established or it's also the case for the communication inside the VPN ? If we used ESP, the communication inside the VPN (access to Exchange or CIFS share for example) will be most faster than SSL configuration ?

And concerning the security, the ESP and SLL are the same level or SSL is more secure because, it's not necessary to open a new port (UDP 4500) on the FW ?

ESP vs SSL mode is the transport mechanism between the client and the SA.  Between the SA and the backend will the protocol the client would normally use if they were on the LAN (usually tcp port 80 or 443).

In short, ESP is faster than SSL due to the chatty nature of SSL and TCP protocol.  ESP utilizes UDP on port 4500.  For more detailed information between the two transport methods, please refer to http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB8569