Access Options for SSL VPN; Security Tips for SSL VPN - Cisco WS-CE500 Administration Manual

SA500 Series Small Business Security Appliances

Configuring VPN
Configuring SSL VPN for Browser-Based Remote Access
Cisco SA500 Series Security Appliances Administration Guide

Applications (that is, port forwarding for access to other TCP-based
applications)

The security appliance supports multiple concurrent sessions to allow remote
users to access the LAN over an encrypted link through a customizable user portal
interface. You can specify the user privileges and you can control each user's
access to network resources. You can streamline the setup process by organizing
VPN users into domains and groups that share VPN policies.

NOTE: Remote Management (RMON) must be enabled, or SSL VPN access will be
blocked. For more information, see RMON (Remote Management), page 197.

Access Options for SSL VPN

The remote user can be given different options for SSL service:

- VPN Tunnel: The remote user's SSL-enabled browser is used in place of a
  VPN client on the remote host to establish a secure VPN tunnel. An SSL VPN
  client (ActiveX or Java based) is installed on the remote host to allow the
  client to join the corporate LAN with pre-configured access/policy
  privileges. At this point a virtual network interface is created on the user's
  PC and it is assigned an IP address and DNS server address from the
  security appliance.
  To create a VPN tunnel, see Elements of the SSL VPN, page 156.
- Port Forwarding: Port Forwarding service supports TCP connections
  between the remote user and the security appliance. A web-based
  (ActiveX or Java) client is installed on the client machine. The administrator
  can define the services and applications that are available to remote port
  forwarding users. Users do not have access to the full LAN.
  To configure port forwarding, see Configuring SSL VPN Port Forwarding,
  page 163.

Security Tips for SSL VPN

To minimize the risks involved with SSL certificates:

- Configure a group policy that consists of all users who need Clientless SSL
  VPN access and enable it only for that group policy.
- Limit Internet access for Clientless SSL VPN users, for example, by limiting
  which resources a user can access using a clientless SSL VPN connection.
  To do this, you could restrict the user from accessing general content on the
