Solved

Cisco SSL Smart tunnel

Posted on 2014-03-29
2,497 Views
Last Modified: 2014-04-17
I would like to know if the Cisco SSL Smart Tunnel can coexist with the Cisco AnyConnect VPN solution.

Is it possible to have both work together? I connect to my office network using the Cisco AnyConnect VPN solution to access office applications.
In parallel, I want to connect to a website which uses Cisco Smart Tunneling.
Let me know if this is possible.
Question by:SrikantRajeev
6 Comments
 
LVL 63

Expert Comment

by:btan
ID: 39965544
https://supportforums.cisco.com/document/56416/anyconnect-configuration-and-troubleshooting-questions-and-answers-live-webcast

Think of Smart-Tunnels as a specialized "port-forwarder", a thin-client. Smart Tunnel uses applications or web bookmarks for the configuration. Port Forwarding uses ports for the configuration. When either the core Clientless SSL VPN (CTE) or the AnyConnect full-tunnel client are not deployment options, Smart-Tunnels should be considered.

Yes, they can, and you should not enable split tunneling. It is assumed that the AnyConnect SSL VPN is already set up and running properly before smart tunnel for selected apps is configured on top of the existing established VPN tunnel.
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39980851
Does Smart Tunnel work in a proxy environment?
 
LVL 63

Expert Comment

by:btan
ID: 39981133
Yes, taking the example of Cisco ASA 5500-X Series Next-Generation Firewalls:

Smart tunnel has the following general requirements and limitations:

The remote host originating the smart tunnel must run a 32-bit version of Microsoft Windows Vista, Windows XP, or Windows 2000; or Mac OS 10.4 or 10.5.

Smart tunnel auto sign-on supports only Microsoft Internet Explorer on Windows.

The browser must be enabled with Java, Microsoft ActiveX, or both.

Smart tunnel supports only proxies placed between computers that run Microsoft Windows and the security appliance. Smart tunnel uses the Internet Explorer configuration (that is, the one intended for system-wide use in Windows). If the remote computer requires a proxy server to reach the security appliance, the URL of the terminating end of the connection must be in the list of URLs excluded from proxy services. If the proxy configuration specifies that traffic destined for the ASA goes through a proxy, all smart tunnel traffic goes through the proxy.

In an HTTP-based remote access scenario, sometimes a subnet does not provide user access to the VPN gateway. In this case, a proxy placed in front of the ASA to route traffic between the web and the end user's location provides web access. However, only VPN users can configure proxies placed in front of the ASA. When doing so, they must make sure these proxies support the CONNECT method. For proxies that require authentication, smart tunnel supports only the basic digest authentication type.
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 39993302
Thanks.
What is the CONNECT method that the proxy should support?
Is this something different from the normal proxy access method?
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39993516
Should be as per normal proxy, e.g. a standard HTTPS proxy. Please also see:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-2mt/sec-conn-sslvpn-smart-tunnels-support.html

Prerequisites for Cisco IOS SSL VPN Smart Tunnels Support

The operating system of the host must be a 32-bit version of Microsoft Windows Vista or Windows XP or Windows 2000.
The web browser must be enabled with ActiveX or Javascript.
A headend gateway address must be added in the Trusted Site Zone for Microsoft Windows Vista users with smart tunnel or port forwarding.
The Messaging Application Programming Interface (MAPI) protocol must be used for Microsoft Outlook Exchange communication and an AnyConnect VPN client for remote users.
Administrative privileges are required to configure the Smart Tunnels Support feature on the router in thin-client access mode.

Restrictions for Cisco IOS SSL VPN Smart Tunnels Support

Smart tunnels do not support split tunneling, Cisco Secure Desktop, private socket libraries, and MAPI proxy.
Smart tunnels must not be started in two different web browsers simultaneously.
Applications only with the winsock dll library such as Remote Desktop, VNCviewer, Outlook Express, Outlook Web Access (OWA), Secure Shell (SSH) using Putty, Telnet, FTP, and others are supported.
0
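An added example (not part of the original answer or of Cisco's documentation): the CONNECT request a client sends through an HTTP proxy to reach the gateway on port 443, and a classifier for the proxy's reply covering the cases raised in this thread. `vpn.example.com`, the function names and the sample replies are constructed for illustration; reading "basic digest" as the Basic and Digest schemes is an assumption.

```python
import re
import socket

# The quoted ASA text says smart tunnel handles only "basic digest" proxy
# authentication; treating that as the Basic and Digest schemes is an assumption.
SMART_TUNNEL_AUTH = {"basic", "digest"}

def build_connect(gateway, port=443):
    """The request a client sends to an HTTP proxy to open a TCP tunnel."""
    target = f"{gateway}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def classify_proxy_reply(raw):
    """Return (verdict, detail) for the proxy's answer to a CONNECT request."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        return ("malformed", lines[0])
    status = int(m.group(1))
    if 200 <= status < 300:
        return ("tunnel-ok", "")           # proxy supports CONNECT to this target
    if status == 407:                      # proxy wants credentials first
        offered = set()
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "proxy-authenticate" and value.split():
                offered.add(value.split()[0].lower())
        usable = sorted(offered & SMART_TUNNEL_AUTH)
        verdict = "auth-required" if usable else "auth-unsupported"
        return (verdict, ",".join(usable or sorted(offered)))
    if status in (403, 405, 501):          # CONNECT refused or not implemented
        return ("connect-refused", str(status))
    return ("other", str(status))

def probe(proxy_host, proxy_port, gateway, timeout=5.0):
    """Send one CONNECT through a proxy you administer and classify the reply."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect(gateway))
        return classify_proxy_reply(s.recv(4096))

# Constructed proxy replies (not captured traffic) so the example runs offline.
SAMPLES = {
    "ok": b"HTTP/1.1 200 Connection established\r\n\r\n",
    "digest": b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b'Proxy-Authenticate: Digest realm="proxy"\r\nProxy-Authenticate: NTLM\r\n\r\n',
    "ntlm": b"HTTP/1.1 407 Proxy Authentication Required\r\n"
            b"Proxy-Authenticate: Negotiate\r\nProxy-Authenticate: NTLM\r\n\r\n",
    "blocked": b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD\r\n\r\n",
}
```

A `tunnel-ok` verdict means the proxy relays raw TCP to the gateway after CONNECT, which is what an ordinary HTTPS-capable proxy does; `auth-unsupported` flags a proxy that offers only schemes outside the set above.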
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 40006583
Thanks