Solved

Cisco SSL "Clientless" VPN

Posted on 2007-12-05
Last Modified: 2010-04-21
Hi,

Interested in using SSL VPN with the ASA box, but have some questions I am hoping someone can verify:
Apparently there are 3 ways it can be utilised:
1. Clientless SSL VPN - A remote client needs only an SSL-enabled web browser
2. Thin-Client SSL VPN (Port Forwarding) - A remote client must download a small Java-based applet
3. SSL VPN Client (SVC-Tunnel Mode) - The SSL VPN Client downloads a small client to the remote workstation

So just that I am on the right track here, if I had clients and wanted absolutely nothing installed\downloaded on them I could go with 1. It may seem an obvious question, but I have found a lot of advertised "clientless" applications actually try to install certain components.

Also, a secondary question: certain web applications do use ActiveX\Java etc., so if I used option 1 and tried to access that required ActiveX control, would the browser just try and attempt to download the control as per normal?
Question by:58872
2 Comments
 
Accepted Solution

by: batry_boy earned 500 total points
ID: 20411416
>>So just that I am on the right track here, if I had clients and wanted absolutely nothing installed\downloaded on them I could go with 1.

That is correct.  It only uses HTTPS through your browser and doesn't require any plugins or applets to work.  I've had to use this method of VPN in situations where users didn't "own" the machines they were using and were restricted from installing absolutely ANY software on it.  However, you will find that some applications (some high-end databases with web front ends, etc.) just don't work right using this method.  It becomes an application issue at that point, but most apps that utilize a web interface work quite well.

>>Also, a secondary question: certain web applications do use ActiveX\Java etc., so if I used option 1 and tried to access that required ActiveX control, would the browser just try and attempt to download the control as per normal?

Yes it should.  It's important to note that when using option 1, only traffic from that single browser session is tunneled to the ASA.  If you opened another browser session, you would be going straight out to the Internet without being tunneled to the ASA.  So, having said that, as long as the browser is told where to find the applet or control then it should be able to download and install it just fine.  But it sounds like you don't want to or can't install any software on the machine to begin with, so I'm not sure if this fits your needs.
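
Added example, not part of the original thread or written by either poster: an ASA configuration sketch that limits a group of users to option 1 (clientless) as discussed above. The names CLIENTLESS-ONLY and CLIENTLESS-USERS and the interface name outside are placeholders, and the protocol keyword is assumed to be the ASA 8.4-or-later form.

```text
! Constructed example; CLIENTLESS-ONLY, CLIENTLESS-USERS and "outside"
! are placeholder names, not values from the thread.
! Assumption: ASA 8.4 or later, where the keyword is "ssl-clientless";
! earlier releases use "webvpn" in its place.
!
! Enable the SSL VPN portal on the Internet-facing interface.
webvpn
 enable outside
!
! Group policy that permits only the browser-based (clientless) portal.
! A policy that also listed "ssl-client" would let users launch the
! downloadable tunnel client (option 3 in the question).
group-policy CLIENTLESS-ONLY internal
group-policy CLIENTLESS-ONLY attributes
 vpn-tunnel-protocol ssl-clientless
!
! Connection profile that assigns the policy above to its users.
tunnel-group CLIENTLESS-USERS type remote-access
tunnel-group CLIENTLESS-USERS general-attributes
 default-group-policy CLIENTLESS-ONLY
```

This policy attaches no port-forwarding list, so the thin-client applet (option 2) is not offered unless one is inherited from the default group policy. `show running-config group-policy CLIENTLESS-ONLY` displays what was actually applied.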

Author Closing Comment

by:58872
ID: 31412804
Brilliant. Thanks.