One of the most robust and convenient ways to give users access to applications is through client-server plug-ins. The greatest benefit of plug-ins over the smart tunnel or port forwarding solutions is that users can connect from anywhere, using any machine. This is a great benefit to users who are frequently on the move and connecting from different machines (for example, from an Internet cafe).
Because access is through a plug-in, the user does not need the full client (fat) version of the application. It operates directly within the remote user's browser, and the application traffic is sent and received through the SSL VPN tunnel to the ASA. There is also no requirement for the remote user to have administrative rights on the local PC. The ASA carries out the same action as it does for port forwarding (creates a TCP connection between itself and the application server), and then sends and receives application traffic from the server to the remote user and vice versa.
The main drawback of the plug-in solution is the limited number of supported plug-ins. The following plug-ins are currently available for download (at the time of this writing) at Cisco.com and can be imported into the ASA flash:
* SSH/Telnet Client
* Citrix ICA Client
* RDP Client (used for Windows 2000 Pro, Server, and XP)
* RDP2 Client (used for Windows Vista, 7, and Server 2003 and 2008)
* VNC Client
ciscoasa(config)# import webvpn ?
exec mode commands/options:
  AnyConnect-customization  AnyConnect-customization
  customization             Configure customization file
  mst-translation           Configure MST component
  plug-in                   Configure plug-in options
  translation-table         Configure translation table
  url-list                  Configure a list of URLs for use with WebVPN
  webcontent                Configure webcontent
ciscoasa(config)# import webvpn plug-in ?
exec mode commands/options:
  protocol  Configure plug-in protocol
ciscoasa(config)# import webvpn plug-in protocol ssh ?
exec mode commands/options:
  WORD < 256 char  The URL containing data being imported
  stdin            Specifies that the data will be provided from stdin. If the
                   number of charcters is not specified after 'stdin' then the
                   data read from standard input is expected to be
                   base64-encoded followed by "\nquit\n".
ciscoasa(config)# import webvpn plug-in protocol ssh tftp://200.1.1.2/ssh.12.21.2013.jar
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
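The transfer above uses TFTP, which provides no authentication or integrity protection, so it is worth checking the JAR before it reaches the ASA. The following Python sketch is an added example, not part of the original post or Cisco's tooling: it checks a plug-in file against a SHA-256 digest recorded from a trusted source, confirms it is a well-formed JAR, and builds the base64 text terminated by "\nquit\n" that the stdin option in the help output expects. The function names, the pinned digest and the in-memory sample JAR are assumptions constructed for illustration; the output is left unwrapped because the help text does not say whether line breaks inside the base64 are accepted.

```python
import base64
import hashlib
import hmac
import io
import zipfile


def build_stdin_payload(jar_bytes: bytes, expected_sha256: str) -> str:
    """Return the text to supply after 'import webvpn plug-in protocol <name> stdin'.

    Raises ValueError if the file does not match the pinned digest or is not a JAR.
    """
    digest = hashlib.sha256(jar_bytes).hexdigest()
    # Compare against the digest recorded when the file was obtained (assumption:
    # the operator pinned a SHA-256 value from a trusted source).
    if not hmac.compare_digest(digest, expected_sha256.strip().lower()):
        raise ValueError(f"SHA-256 mismatch: got {digest}")
    # A plug-in is a JAR, i.e. a ZIP archive; reject anything else before import.
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            if jar.testzip() is not None:  # CRC check of every member
                raise ValueError("corrupt member in archive")
            if not any(n.upper().startswith("META-INF/") for n in jar.namelist()):
                raise ValueError("no META-INF/ entry, not a JAR")
    except zipfile.BadZipFile as exc:
        raise ValueError("not a ZIP/JAR archive") from exc
    # Base64 body followed by the "\nquit\n" terminator quoted in the help text.
    return base64.b64encode(jar_bytes).decode("ascii") + "\nquit\n"


def constructed_jar() -> bytes:
    """Tiny stand-in JAR built in memory (constructed sample, not a Cisco plug-in)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("Example.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    sample = constructed_jar()
    pinned = hashlib.sha256(sample).hexdigest()  # placeholder for the recorded digest
    print(build_stdin_payload(sample, pinned), end="")
```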