• Users have access to a range of Web resources, including:
o Internal Web sites (HTTPS servers)
o Windows NT/Active Directory file shares
o Email proxies, including POP3S, IMAP4S and SMTPS
o MS Outlook Web Access
o Messaging Application Programming Interface (MAPI)
o Other TCP-based applications
• Uses the Secure Sockets Layer (SSL) protocol and its successor, Transport Layer Security (TLS), to provide a secure connection between remote users and specific supported internal resources that are configured on a central site.
• The ASA recognizes connections that need to be proxied, and its HTTP server interacts with the authentication subsystem to authenticate users.
• Access to WebVPN resources is granted on a group basis; users have no direct access to resources on the internal network.
• For full network access, the SSL VPN dynamic client is available.
• Through ASDM, the following WebVPN functions can be configured:
o Content Rewrite: provides transparent application-layer proxying of HTTP traffic, including embedded content such as JavaScript, so that applications keep working, all communication stays secure, and internal information (hostnames, internal URLs) is not exposed to external users.
▪ Processes application traffic through a content transformation engine
▪ Enabled by default
▪ An administrator can allow users to browse certain sites and applications without going through the ASA by creating rewrite rules that enable or disable content rewriting for matching resources.
▪ This concept is similar to split tunneling in an IPsec-based VPN.
o Proxy Bypass: an alternative rewriting method that makes minimal changes to the original content.
▪ May be useful with complex objects such as Java, ActiveX and VBScript.
o Application Profile Customization Framework (APCF): enables the ASA to handle non-standard TCP applications so that they display correctly over a WebVPN connection.
o Port Forwarding: enables application access by forwarding all WebVPN traffic destined to the configured port without transforming it.
o Proxies: require all Web access to go through a server you control, which provides an opportunity for filtering to ensure secure Web access and administrative control.
• There are also options on the WebVPN menu that enable you to:
o Configure Web type access-lists for WebVPN
o Configure the Cisco Secure Desktop (CSD)
o Configure the ASA to download the SSL VPN client image files to remote computers
o Configure caching, which enhances WebVPN performance by storing frequently reused objects in the system cache.
o Specify the character encoding for WebVPN portal pages sent to remote clients.
o Configure SSO for WebVPN users.
o Customize the appearance of the WebVPN user interface via WebVPN customization.
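The following ASA CLI fragment is an added example (it is not part of the original notes and not Cisco's own sample) that ties together the features listed above: SSL/TLS termination on the outside interface, a rewrite rule that exempts a public site from content rewriting (the split-tunneling analogy), a port-forwarding list for Application Access, a web-type ACL that enforces group-based access with deny-by-default, and a group policy that binds them. Hostnames, addresses, the CORP-LDAP AAA server and all list/ACL names are placeholders; the syntax assumes ASA 8.0 to 8.3 (on 8.4 and later the tunnel protocol keyword `webvpn` becomes `ssl-clientless`).

```cisco
! Added example configuration, not from the original notes.
! Placeholder names: WEBVPN-SALES, APPS, SALES-CLIENTLESS, SALES, CORP-LDAP.
! Assumes an aaa-server group CORP-LDAP is already defined.

! 1. Terminate SSL/TLS for clientless users on the outside interface.
webvpn
 enable outside
 ! Content rewriting is on by default. This rule exempts a public site
 ! from the rewrite engine so the browser reaches it directly, the way
 ! split tunneling excludes traffic from an IPsec tunnel. Anything not
 ! matched by a rule is still proxied and rewritten.
 rewrite order 10 disable resource-mask *.public.example.com/* name PublicSite
 ! TCP applications offered through Application Access (port forwarding):
 ! list_name local_port remote_server remote_port description
 port-forward APPS 23389 rdp1.corp.example 3389 RDP
 port-forward APPS 20143 mail.corp.example 143 IMAP4

! 2. Web-type ACL: what this group may reach through the proxy.
!    Last line makes the list deny-by-default and logs the misses.
access-list WEBVPN-SALES webtype permit url https://intranet.corp.example/*
access-list WEBVPN-SALES webtype permit url cifs://files.corp.example/sales/*
access-list WEBVPN-SALES webtype permit tcp host 10.10.20.5 eq 3389
access-list WEBVPN-SALES webtype deny url any log

! 3. Group policy: access is granted per group, never per user, and
!    free-form URL entry is disabled so users only reach permitted resources.
group-policy SALES-CLIENTLESS internal
group-policy SALES-CLIENTLESS attributes
 vpn-tunnel-protocol webvpn
 webvpn
  filter value WEBVPN-SALES
  port-forward enable APPS
  url-entry disable
  file-browsing enable
  file-entry disable

! 4. Tunnel group: authenticate against the directory, then apply the policy.
tunnel-group SALES type remote-access
tunnel-group SALES general-attributes
 authentication-server-group CORP-LDAP
 default-group-policy SALES-CLIENTLESS
tunnel-group SALES webvpn-attributes
 group-alias sales enable
```

Two checks worth making after applying this: `show webvpn` confirms the service is listening on the outside interface, and a test user in the SALES group should be able to open the intranet bookmark and the RDP entry under Application Access but get a denied page (and a log entry) for any URL typed outside the permitted list.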
• The WebVPN user interface is a series of HTML panels:
o The first panel displayed is the “Login Screen”
o After the user logs in, the VPN home page is displayed. The home page shows all of the WebVPN features you have configured; it can enable users to:
▪ browse the network,
▪ enter URLs
▪ access specific Web sites
▪ use port forwarding to access TCP applications. For example, to start port forwarding (also known as "Application Access"), a user simply clicks the "Application Access" link; the Application Access panel opens, displaying the TCP applications configured for this WebVPN connection.
▪ the floating toolbar lets users enter URLs, browse file locations, and choose preconfigured Web connections without interfering with the main browser window.
• On clientless SSL VPN connections the ASA acts as a proxy between the end user’s Web browser and target Web servers.
o When a user...