Cisco 5510 Getting Started Guide - Page 139
Example Network with Browser-Based SSL VPN Access - specifications
![]() |
UPC - 882658094767
View all Cisco 5510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 139 highlights
Chapter 11 Scenario: SSL VPN Clientless Connections Example Network with Browser-Based SSL VPN Access To minimize the risks involved with SSL certificates: 1. Configure a group policy that consists of all users who need Clientless SSL VPN access and enable it only for that group policy. 2. Limit Internet access for Clientless SSL VPN users, for example, by limiting which resources a user can access using a clientless SSL VPN connection. To do this, you could restrict the user from accessing general content on the Internet. Then, you could configure links to specific targets on the internal network that you want users of Clientless SSL VPN to be able to access. 3. Educate users. If an SSL-enabled site is not inside the private network, users should not visit this site over a Clientless SSL VPN connection. They should open a separate browser window to visit such sites, and use that browser to view the presented certificate. The adaptive security appliance does not support the following features for Clientless SSL VPN connections: • NAT, reducing the need for globally unique IP addresses. • PAT, permitting multiple outbound sessions appear to originate from a single IP address. Example Network with Browser-Based SSL VPN Access Figure 11-1 shows an adaptive security appliance configured to accept SSL VPN connection requests over the Internet using a web browser. 78-19186-01 Cisco ASA 5500 Series Getting Started Guide 11-3
![](/manual_guide/products/cisco-5510-getting-started-guide-a35054b/139.png)