The built-in VPN clients in Yosemite and earlier are -
None of those can connect to an SSL VPN server.
What maybe possible is to reconfigure your either Cisco VPN server, or Juniper VPN server to enable one of these three standards as well or instead of SSL.
Now network managers have chosen to use SSL only VPN solutions for a multitude of reasons including the following.
- It is possible to automatically deploy and install the full software and settings to both Mac and Windows clients simply by getting them to visit a webpage
- SSL VPN solutions like Cisco IPSec but unlike PPTP and L2TP can be used as part of a VPN on Demand solution
- Windows clients do not have built-in Cisco IPSec support so using SSL for Windows and Macs is considered easier
- An SSL style VPN solution can defeat VPN hostile measures some ISPs and networks use
In view of the above your network manager may not allow using anything other than SSL VPN even if your particular Cisco or Juniper appliance supports them.
Those are some of the positive aspects of an SSL VPN solution. There are however plenty of negative ones as well.
The process of automatically deploying an SSL setup by visiting a webpage requires your web-browser have Java support enabled. Java in a web-browser is one of the worst things to do as it makes your web-browser vulnerable to lots of malware and this will affect Macs as well as Windows, this issue particularly offends me, in fact this is why Apple periodically disable Java in OS X due to such security issues until a new patched version of Java is available. Of course while Java is disabled by Apple this means you either cannot install the SSL VPN settings and client, or the existing SSL VPN client itself is disabled. I have seen this happen numerous times with the result that hundreds of people in a corporate were completely locked out of the company VPN system and on one occasion this was for the best part of four days due to a weekend and bank holiday.
Also using any VPN client other than the one Apple include is notorious for 'breaking' when Apple issue a new version of the operating system, until both the supplier updates their system to fix the issue, and your network manager gets around to updating your VPN Server to include that fix. This again can take days or weeks to happen.
So I currently since I have the choice and control over our systems where I now work use the built-in Cisco IPSec client with a Cisco IPSec compatible VPN server.
Note: PPTP is now considered to be particularly insecure due to its ancient design, L2TP is slightly better, and Cisco IPSec especially with the use of certificates rather than a pre-shared key is better still. Another newer even more secure option not listed above is IKEv2, this is supported already in iOS8 but is not supported in Yosemite and earlier on Macs. It is supported in El Capitan.
