RE: SSL VPN Client -? clientless VPN or not?

From: Kamal N Malhotra (kmalhotr@cisco.com)
Date: Fri Sep 21 2007 - 03:05:25 ART

• Next message: Muizebelt Danny: "AW: Brian McGahan's CCIE-SP Online Training .........."
• Previous message: darth router: "Re: Real CCIE Lab"
• Maybe in reply to: pankaj ahuja: "SSL VPN Client -? clientless VPN or not?"
• Next in thread: Shlomi Kramer: "Re: SSL VPN Client -? clientless VPN or not?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Pankaj,

The SSL VPN client connects like a WebVPN client but works like an IPSEC
client. It is a clientless solution in a way i.e. you need not have a client
preinstalled. Since mode-config is pushed to the clients when connecting,
that small application is important.

In order to make it secure, you might wanna use the CSD. Normally when we
browse the sites etc, all that information is stored on the PC and anyone
logging in to the same PC can very well pull the information as in the case
of a cyber cafi. By using the CSD, we can eliminate or atleast reduce the
chances of such an instance. CSD use a secure vault when VPN is connected.
Whatever we do, the cookies etc are stored in that vault which is
inaccessible as soon as the session is disconnected. You can either
configure to delete it or let it be there but it won't be accessible by
anybody after the session is over. So noone can see what you did while you
were connected.

If I were in your place, I would go for SSL with CSD.

Thanks and warm regards,

Kamal N Malhotra

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
pankaj ahuja
Sent: Thursday, September 20, 2007 12:28 PM
To: ccielab@groupstudy.com; security@groupstudy.com
Subject: SSL VPN Client -? clientless VPN or not?

Hello All,

Has anybody ever used SSL VPN client with the VPN Concentrators? As per the
documenation it looks like that its a package that'll be installed on the
VPN Concentrator and the users will continue to VPN just like the way they
did with WebVPN and still enjoy the benefits of an IPsec client.

What Im not sure about is after you configure Concentrator for SSL VPN
client do the Users get prompted to install SSL VPN Client software when
connecting using WebVPN? If yes then it wouldn't really be a client less
VPN.

Also once you're connected using SSL VPN can u access all resources via VPN
just like the way you would in an IPsec client i.e. some resources may be
accessed via command prompt some using another browser n stuff

OR

is it like you can access all the resources via VPN till the time you
originate the request from the Web browser instance that is logged in via
VPN, i.e. command prompt and other options not available, like in case of
WebVPN.

Any ideas on this are welcome.

Thanks

Regards
Pankaj

• Next message: Muizebelt Danny: "AW: Brian McGahan's CCIE-SP Online Training .........."
• Previous message: darth router: "Re: Real CCIE Lab"
• Maybe in reply to: pankaj ahuja: "SSL VPN Client -? clientless VPN or not?"
• Next in thread: Shlomi Kramer: "Re: SSL VPN Client -? clientless VPN or not?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:14 ART