From: Christian Zeng (christian@zengl.net)
Date: Thu Sep 20 2007 - 16:14:59 ART
Hi,
* pankaj ahuja wrote:
> What Im not sure about is after you configure Concentrator for SSL VPN
> client do the Users get prompted to install SSL VPN Client software when
> connecting using WebVPN? If yes then it wouldn't really be a client less
> VPN.
Correct - I also dont consider this as true clientless and I think
providing full tunneled IP access and VPN remote access features like
assigning an IP address ala IKE mode config always requires some
software on a client (Windows, at least). Even OpenVPN requires you to
install a tun/tap interface driver on windows...
There will be a prompt when visiting the website to install the client
and users will need to install a piece of software. It even requires
administrative rights on windows machines, iirc. If you look closer, its
not so heavy as a real VPN client and it doesnt have a true installer
that binds the client deep into windows, but still, it creates a
directory and put in some files there on the client (which can be
removed after a session has ended, afaik).
> Also once you're connected using SSL VPN can u access all resources via VPN
> just like the way you would in an IPsec client i.e. some resources may be
> accessed via command prompt some using another browser n stuff
Its a tunnel for all kind of IP-based traffic, from a functionality
perspective its comparable to what a IPSec remote access connection
offers (you even can apply attributes like split-tunneling, the client
gets an IP address assigned etc.).
Not sure if this still applies to newer releases of the client, but
users always have to connect to the website via their browsers to
re-initiate a tunnel, even if you tell the installer to be persistent on
a client. Juniper does this better, you will get a program group entry
in the start menu to launch the SSL client on its own, without opening a
browser first.
Regards,
Christian
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART