SrikantRajeev
asked on
Cisco SSL Smart tunnel
I would like to know if the Cisco SSL Smart Tunnel can co-exists along with the Cisco Any Connect VPN solution.
Is it possible to have this both worked together. I connect to my office network using Cisco Any Connect VPN solution to access office application.
In parallel I want to connect to a Web Site which uses Cisco SMART Tunneling.
Let me know if this is possible....
Is it possible to have this both worked together. I connect to my office network using Cisco Any Connect VPN solution to access office application.
In parallel I want to connect to a Web Site which uses Cisco SMART Tunneling.
Let me know if this is possible....
ASKER
Does Smart tunnel works in Proxy Environment.
Yes, taking example of Cisco ASA 5500-X Series Next-Generation Firewalls
Smart tunnel has the following general requirements and limitations:
The remote host originating the smart tunnel must run a 32-bit version of Microsoft Windows Vista, Windows XP, or Windows 2000; or Mac OS 10.4 or 10.5.
Smart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.
The browser must be enabled with Java, Microsoft ActiveX, or both.
Smart tunnel supports only proxies placed between computers that run Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.
In an HTTP-based remote access scenario, sometimes a subnet does not provide user access to the VPN gateway. In this case, a proxy placed in front of the ASA to route traffic between the web and the end user's location provides web access. However, only VPN users can configure proxies placed in front of the ASA. When doing so, they must make sure these proxies support the CONNECT method. For proxies that require authentication, smart tunnel supports only the basic digest authentication type.
ASKER
Thanks.
What is the connect method that the proxy should support ?
Is this something different from the normal proxy access method ?
What is the connect method that the proxy should support ?
Is this something different from the normal proxy access method ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks
Think of Smart-Tunnels as a specialized "port-forwarder", a thin-client. Smart Tunnel uses applications or web bookmarks for the configuration. Port Forwarding uses ports for the configuration.When either the core Clientless SSL VPN (CTE) or the AnyConnect full-tunnel client are not deployment options, Smart-Tunnels should be considered
Yes they can and you should not enable split tunneling and actually it is assumed anyconnect ssl vpn is setup and running properly already prior to smart tunnel for selected apps can be configured on top existing vpn tunnel established.