Example Network With Browser-Based Ssl Vpn Access - Cisco ASA 5505 Getting Started Manual

Adaptive security appliance

Hide thumbs Also See for ASA 5505:

Configuration manual (1822 pages)

Administrator's manual (118 pages)

Getting started manual (114 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

page of 168

/ 168
Contents
Table of Contents
Bookmarks

Table of Contents

Chapter 9

Scenario: SSL VPN Clientless Connections

Example Network with Browser-Based SSL VPN

Access

78-18003-02

Limit Internet access for Clientless SSL VPN users, for example, by limiting

which resources a user can access using a clientless SSL VPN connection. To

do this, you could restrict the user from accessing general content on the

Internet. Then, you could configure links to specific targets on the internal

network that you want users of Clientless SSL VPN to be able to access.

Educate users. If an SSL-enabled site is not inside the private network, users

should not visit this site over a Clientless SSL VPN connection. They should

open a separate browser window to visit such sites, and use that browser to

view the presented certificate.

The adaptive security appliance does not support the following features for

Clientless SSL VPN connections:

NAT, reducing the need for globally unique IP addresses.

•

PAT, permitting multiple outbound sessions appear to originate from a single

•

IP address.

Figure 9-1 shows an adaptive security appliance configured to accept SSL VPN

connection requests over the Internet using a web browser.