Cisco ASA 5505 Configuration Manual page 1465

Clientless SSL VPN
Clientless SSL VPN lets users establish a secure, remote-access VPN tunnel to the adaptive security
appliance using a web browser. There is no need for either a software or hardware client. Clientless SSL
VPN provides easy access to a broad range of web resources and both web-enabled and legacy
applications from almost any computer that can reach HTTPS Internet sites. Clientless SSL VPN uses the
Secure Sockets Layer protocol and its successor, Transport Layer Security (SSL/TLS1), to provide a
secure connection between remote users and specific, supported internal resources that you configure at
a central site. The adaptive security appliance recognizes connections that need to be proxied, and the
HTTP server interacts with the authentication subsystem to authenticate users.
The network administrator provides access to network resources on a user or group basis. Users have no
direct access to these resources.
Clientless SSL VPN works on the platform in single, routed mode.
For information on configuring clientless SSL VPN for end users, see
"Customizing the Clientless SSL VPN User Experience."
Security Precautions
Clientless SSL VPN connections on the adaptive security appliance differ from remote access IPSec
connections, particularly in how they interact with SSL-enabled servers and in the precautions to
follow to reduce security risks.
In a clientless SSL VPN connection, the adaptive security appliance acts as a proxy between the end user
web browser and target web servers. When a user connects to an SSL-enabled web server, the adaptive
security appliance establishes a secure connection and validates the server SSL certificate. The browser
never receives the presented certificate, so it cannot examine and validate the certificate.
Note
The current implementation of clientless SSL VPN on the adaptive security appliance does not permit
communication with sites that present expired certificates. Nor does the adaptive security appliance
perform trusted CA certificate validation for those SSL-enabled sites. Therefore, users do not benefit
from certificate validation of pages delivered from an SSL-enabled web server before they use a
web-enabled service.
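The following is an added example, not part of the Cisco guide. Because the browser never sees the back-end certificate, an administrator can audit the certificates of servers published through the portal out of band with openssl, checking both expiry and chaining to a trusted CA. The CA, host names and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. The CA, host names and file names
# are constructed; only standard openssl subcommands are used.

# audit_cert <ca-bundle.pem> <server-cert.pem> [warn-seconds]
#   EXPIRING   expires within warn-seconds (default 0 = already expired); the
#              appliance does not permit sites that present expired certificates
#   UNTRUSTED  does not chain to the CA bundle; per the note above the appliance
#              does not check this and the browser never sees the certificate
#   TRUSTED    chains to the bundle and will not expire within warn-seconds
audit_cert() {
    ca=$1; crt=$2; warn=${3:-0}
    if ! openssl x509 -in "$crt" -noout -checkend "$warn" >/dev/null 2>&1; then
        echo EXPIRING
    elif openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo TRUSTED
    else
        echo UNTRUSTED
    fi
}

# Constructed PKI for the demo: one CA, one server certificate it signed, and
# one self-signed server certificate of the kind often left on legacy web apps.
make_sample_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Corp CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=wiki.corp.example" \
        -keyout "$d/wiki.key" -out "$d/wiki.csr" 2>/dev/null
    openssl x509 -req -in "$d/wiki.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/wiki.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=legacy.corp.example" \
        -keyout "$d/legacy.key" -out "$d/legacy.pem" 2>/dev/null
}

# Demo run over the constructed certificates.
demo=$(mktemp -d)
make_sample_pki "$demo"
for f in wiki legacy; do
    printf '%s: %s\n' "$f" "$(audit_cert "$demo/ca.pem" "$demo/$f.pem")"
done
rm -rf "$demo"
```

In practice, point audit_cert at the organization's real CA bundle and a saved copy of each back-end server certificate, with a warn-seconds value such as 2592000 (30 days) so that expiry is caught before the appliance starts refusing the site.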
Browser-based VPN access does not save form-based authentication values to permanent local
storage.
Cisco ASA 5500 Series Configuration Guide using ASDM, Chapter 67
OL-20339-01
