Solved

Cisco SSL Smart tunnel

Posted on 2014-03-29
Last Modified: 2014-04-17
I would like to know if the Cisco SSL Smart Tunnel can co-exist with the Cisco AnyConnect VPN solution.

Is it possible to have both of these work together? I connect to my office network using the Cisco AnyConnect VPN solution to access office applications.
In parallel, I want to connect to a web site which uses Cisco Smart Tunneling.
Let me know if this is possible.
0
Question by:SrikantRajeev
6 Comments
 

Expert Comment

by:btan
ID: 39965544
https://supportforums.cisco.com/document/56416/anyconnect-configuration-and-troubleshooting-questions-and-answers-live-webcast

Think of Smart-Tunnels as a specialized "port-forwarder", a thin-client. Smart Tunnel uses applications or web bookmarks for the configuration. Port Forwarding uses ports for the configuration. When either the core Clientless SSL VPN (CTE) or the AnyConnect full-tunnel client are not deployment options, Smart-Tunnels should be considered.

Yes, they can, and you should not enable split tunneling. It is actually assumed that the AnyConnect SSL VPN is already set up and running properly before smart tunnel for selected apps can be configured on top of the existing established VPN tunnel.
0
 

Author Comment

by:SrikantRajeev
ID: 39980851
Does Smart Tunnel work in a proxy environment?
0
 

Expert Comment

by:btan
ID: 39981133
Yes, taking the example of Cisco ASA 5500-X Series Next-Generation Firewalls:

Smart tunnel has the following general requirements and limitations:

The remote host originating the smart tunnel must run a 32-bit version of Microsoft Windows Vista, Windows XP, or Windows 2000; or Mac OS 10.4 or 10.5.

Smart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.

The browser must be enabled with Java, Microsoft ActiveX, or both.

Smart tunnel supports only proxies placed between computers that run Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.

In an HTTP-based remote access scenario, sometimes a subnet does not provide user access to the VPN gateway. In this case, a proxy placed in front of the ASA to route traffic between the web and the end user's location provides web access. However, only VPN users can configure proxies placed in front of the ASA. When doing so, they must make sure these proxies support the CONNECT method. For proxies that require authentication, smart tunnel supports only the basic digest authentication type.
0

Author Comment

by:SrikantRajeev
ID: 39993302
Thanks.
What is the CONNECT method that the proxy should support?
Is this something different from the normal proxy access method?
0
 

Accepted Solution

by:btan
ID: 39993516
Should be as per a normal proxy, e.g. a standard HTTPS proxy. Please also see

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-2mt/sec-conn-sslvpn-smart-tunnels-support.html

Prerequisites for Cisco IOS SSL VPN Smart Tunnels Support

The operating system of the host must be a 32-bit version of Microsoft Windows Vista or Windows XP or Windows 2000.
The web browser must be enabled with ActiveX or Javascript.
A headend gateway address must be added in the Trusted Site Zone for Microsoft Windows Vista users with smart tunnel or port forwarding.
The Messaging Application Programming Interface (MAPI) protocol must be used for Microsoft Outlook Exchange communication and an AnyConnect VPN client for remote users.
Administrative privileges are required to configure the Smart Tunnels Support feature on the router in thin-client access mode.

Restrictions for Cisco IOS SSL VPN Smart Tunnels Support

Smart tunnels do not support split tunneling, Cisco Secure Desktop, private socket libraries, and MAPI proxy.
Smart tunnels must not be started in two different web browsers simultaneously.
Applications only with the winsock dll library such as Remote Desktop, VNCviewer, Outlook Express, Outlook Web Access (OWA), Secure Shell (SSH) using Putty, Telnet, FTP, and others are supported.
0
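The CONNECT requirement discussed in this thread, shown as an added example that is not part of the original posts or of Cisco's documentation: the request a client sends to open a tunnel through an HTTP proxy, and a classifier for the proxy's reply. The host name `vpn.example.com`, the sample replies and the verdict labels are constructed for illustration, and reading the quoted "basic digest" wording as the Basic and Digest schemes is an assumption.

```python
import base64

# Assumption: the quoted "basic digest" wording is read as Basic and Digest.
SUPPORTED_AUTH = {"basic", "digest"}

def build_connect(host, port, user=None, password=None):
    """Return the bytes a client sends to ask a proxy for a tunnel to host:port."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def classify_reply(raw):
    """Classify a proxy's reply to CONNECT as (verdict, offered auth schemes)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "malformed", []
    code = int(parts[1])
    schemes = []
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.split()[0].lower())
    if 200 <= code < 300:
        return "tunnel-established", schemes      # proxy now relays raw TLS bytes
    if code == 407:
        ok = any(s in SUPPORTED_AUTH for s in schemes)
        return ("auth-required-supported" if ok else "auth-required-unsupported"), schemes
    if code in (403, 405, 501):                   # assumption: typical refusal codes
        return "connect-refused", schemes
    return "other-failure", schemes

# Constructed sample replies (not captured from a real proxy).
SAMPLES = {
    "ok": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "basic": b"HTTP/1.1 407 Proxy Authentication Required\r\n"
             b"Proxy-Authenticate: Basic realm=\"proxy\"\r\n\r\n",
    "ntlm": b"HTTP/1.1 407 Proxy Authentication Required\r\n"
            b"Proxy-Authenticate: NTLM\r\nProxy-Authenticate: Negotiate\r\n\r\n",
    "blocked": b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, POST\r\n\r\n",
}

if __name__ == "__main__":
    print(build_connect("vpn.example.com", 443).decode())
    for label, reply in SAMPLES.items():
        print(label, classify_reply(reply))
```

A proxy that answers 407 with only NTLM or Negotiate falls in the "auth-required-unsupported" case, which is the situation the quoted authentication limitation describes.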
 

Author Closing Comment

by:SrikantRajeev
ID: 40006583
Thanks
0
