Chapter 9
Scenario: SSL VPN Clientless Connections
Example Network with Browser-Based SSL VPN
Access
78-18003-02
Limit Internet access for Clientless SSL VPN users, for example, by limiting
2.
which resources a user can access using a clientless SSL VPN connection. To
do this, you could restrict the user from accessing general content on the
Internet. Then, you could configure links to specific targets on the internal
network that you want users of Clientless SSL VPN to be able to access.
Educate users. If an SSL-enabled site is not inside the private network, users
3.
should not visit this site over a Clientless SSL VPN connection. They should
open a separate browser window to visit such sites, and use that browser to
view the presented certificate.
The adaptive security appliance does not support the following features for
Clientless SSL VPN connections:
NAT, reducing the need for globally unique IP addresses.
•
PAT, permitting multiple outbound sessions appear to originate from a single
•
IP address.
Figure 9-1 shows an adaptive security appliance configured to accept SSL VPN
connection requests over the Internet using a web browser.
Example Network with Browser-Based SSL VPN Access
ASA 5505 Getting Started Guide
9-3