Solved

Cisco SSL Smart tunnel

Posted on 2014-03-29
Last Modified: 2014-04-17
I would like to know if the Cisco SSL Smart Tunnel can coexist with the Cisco AnyConnect VPN solution.

Is it possible to have both work together? I connect to my office network using the Cisco AnyConnect VPN solution to access office applications.
In parallel, I want to connect to a web site which uses Cisco Smart Tunneling.
Let me know if this is possible.
Question by:SrikantRajeev
6 Comments
 
LVL 61

Expert Comment

by:btan
ID: 39965544
https://supportforums.cisco.com/document/56416/anyconnect-configuration-and-troubleshooting-questions-and-answers-live-webcast

Think of Smart-Tunnels as a specialized "port-forwarder", a thin-client. Smart Tunnel uses applications or web bookmarks for the configuration. Port Forwarding uses ports for the configuration. When either the core Clientless SSL VPN (CTE) or the AnyConnect full-tunnel client are not deployment options, Smart-Tunnels should be considered.

Yes, they can, and you should not enable split tunneling. It is assumed that the AnyConnect SSL VPN is already set up and running properly before smart tunnel for selected apps is configured on top of the existing established VPN tunnel.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39980851
Does Smart Tunnel work in a proxy environment?
0
 
LVL 61

Expert Comment

by:btan
ID: 39981133
Yes, taking the example of Cisco ASA 5500-X Series Next-Generation Firewalls:

Smart tunnel has the following general requirements and limitations:

The remote host originating the smart tunnel must run a 32-bit version of Microsoft Windows Vista, Windows XP, or Windows 2000; or Mac OS 10.4 or 10.5.

Smart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.

The browser must be enabled with Java, Microsoft ActiveX, or both.

Smart tunnel supports only proxies placed between computers that run Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.

In an HTTP-based remote access scenario, sometimes a subnet does not provide user access to the VPN gateway. In this case, a proxy placed in front of the ASA to route traffic between the web and the end user's location provides web access. However, only VPN users can configure proxies placed in front of the ASA. When doing so, they must make sure these proxies support the CONNECT method. For proxies that require authentication, smart tunnel supports only the basic digest authentication type.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39993302
Thanks.
What is the CONNECT method that the proxy should support?
Is this something different from the normal proxy access method?
0
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 39993516
Should be as per a normal proxy, e.g. a standard HTTPS proxy. Please also see:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-2mt/sec-conn-sslvpn-smart-tunnels-support.html

Prerequisites for Cisco IOS SSL VPN Smart Tunnels Support

The operating system of the host must be a 32-bit version of Microsoft Windows Vista or Windows XP or Windows 2000.
The web browser must be enabled with ActiveX or Javascript.
A headend gateway address must be added in the Trusted Site Zone for Microsoft Windows Vista users with smart tunnel or port forwarding.
The Messaging Application Programming Interface (MAPI) protocol must be used for Microsoft Outlook Exchange communication and an AnyConnect VPN client for remote users.
Administrative privileges are required to configure the Smart Tunnels Support feature on the router in thin-client access mode.

Restrictions for Cisco IOS SSL VPN Smart Tunnels Support

Smart tunnels do not support split tunneling, Cisco Secure Desktop, private socket libraries, and MAPI proxy.
Smart tunnels must not be started in two different web browsers simultaneously.
Applications only with the winsock dll library such as Remote Desktop, VNCviewer, Outlook Express, Outlook Web Access (OWA), Secure Shell (SSH) using Putty, Telnet, FTP, and others are supported.
0
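The CONNECT requirement discussed in the answers above can be checked before rollout. The following is an added example, not part of the original thread or of Cisco's documentation: it builds the CONNECT request a client sends to a proxy and classifies the proxy's reply. The function names, the sample replies, and the reading of "basic digest" as the Basic and Digest schemes are assumptions.

```python
import socket

# Assumption: the quoted "basic digest authentication type" means Basic and Digest.
SUPPORTED_AUTH = {"basic", "digest"}

def build_connect(gateway_host, port=443):
    """Request a client sends to a proxy to open a tunnel to the VPN gateway."""
    target = f"{gateway_host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def classify_reply(raw):
    """Interpret the proxy's reply to CONNECT; returns (verdict, detail)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return ("not-http", lines[0])
    status = int(parts[1])
    if 200 <= status < 300:
        return ("tunnel-ok", status)          # proxy honours CONNECT
    if status == 407:                         # proxy demands authentication
        offered = set()
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "proxy-authenticate" and value.strip():
                offered.add(value.split()[0].lower())
        usable = sorted(offered & SUPPORTED_AUTH)
        return ("auth-ok", usable) if usable else ("auth-unsupported", sorted(offered))
    return ("connect-refused", status)        # e.g. 403/405: CONNECT not allowed

def probe(proxy_host, proxy_port, gateway_host, timeout=5.0):
    """Send one CONNECT through a real proxy and classify the reply."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect(gateway_host))
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return classify_reply(data)

# Constructed sample replies (not captured from any real proxy).
_407 = b"HTTP/1.1 407 Proxy Authentication Required\r\n"
SAMPLES = {
    "open": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "basic": _407 + b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n',
    "ntlm": _407 + b"Proxy-Authenticate: NTLM\r\nProxy-Authenticate: Negotiate\r\n\r\n",
    "blocked": b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
}
```

Calling `probe("proxy.example.internal", 8080, "vpn.example.com")` (placeholder hosts) against your own proxy returns the same verdict tuples as `classify_reply` does for the samples.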
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 40006583
Thanks
0
