Elements of the SSL VPN - Cisco WS-CE500 Administration Manual

SA500 Series Small Business Security Appliances

Configuring VPN
Configuring SSL VPN for Browser-Based Remote Access
Cisco SA500 Series Security Appliances Administration Guide
Internet. Then, you could configure links to specific targets on the internal
network that you want users of Clientless SSL VPN to be able to access.

Educate users. If an SSL-enabled site is not inside the private network,
users should not visit this site over a Clientless SSL VPN connection. They
should open a separate browser window to visit such sites, and use that
browser to view the presented certificate.

Elements of the SSL VPN

Several elements work together to support SSL VPN.

Portal: To access your network, a user starts a web browser and then enters
the URL for your portal. The security appliance is pre-configured with a
portal that you can use for all users. You can modify the title, banner heading,
banner message, security settings, and access type (VPN tunnel, port
forwarding, or both). In addition, you can create different portal layouts for
different groups of users. For example, you could create two portal layouts
for two groups that have access to different resources. On each portal
layout, you would customize the banner message to provide customized
information for the portal users.

IMPORTANT: If you plan to create different portal layouts for different user
domains, you must create the portal layouts first. In the scenario, start with
Scenario Step 1: Customizing the Portal Layout, page 157. If you are not
going to create different portal layouts, you can start the scenario with this
step so that you can review the default settings and modify them as needed. In
addition, the Portal Layouts page shows you the URL that you need to
provide to the portal users.

Users: Create your VPN users. You can use the default domain and group or
configure your own domains and groups. As you create each user record,
be sure to select SSL VPN User as the User Type. Instructions are included
in the scenario, or for complete details about domains, groups, and users,
see Chapter 8, "Administration."

VPN Policies: The default VPN policies should be sufficient for most
purposes. As needed, you can create more complex policies. See
Creating the SSL VPN Policies, page 160.

Port Forwarding: You can configure port forwarding to allow access to a
limited set of resources. For example, you may want the SSL VPN users to
access the email service only. See Configuring SSL VPN Port Forwarding,
page 163.
