Thursday, May 1, 2014

Clientless SSL VPN Client-Server Plug-ins

One of the most robust and convenient ways to give users application access is through client-server plug-ins. The greatest benefit of client-server plug-ins over the smart tunnel or port forwarding solutions is that users can connect from anywhere, using anything. This is a great benefit to users who are always out and connecting from different machines (for example, from an Internet cafe).

Because access is through a plug-in, the user does not need the full client (fat) version of the application. It operates directly within the remote user's browser, and the application traffic is sent and received through the SSL VPN tunnel to the ASA. There is also no requirement for the remote user to have administrative rights on the local PC. The ASA carries out the same action as it does for port forwarding (creates a TCP connection between itself and the application server), and then sends and receives application traffic from the server to the remote user and vice versa.

The main drawback of the plug-in solution is the small number of supported plug-ins. The following plug-ins are currently available for download (at the time of this writing) at Cisco.com and can be imported into the ASA flash:

* SSH/Telnet Client

* Citrix ICA Client

* RDP Client (used for Windows 2000 Pro, Server, and XP)

* RDP2 Client (used for Windows Vista, 7, and Server 2003 and 2008)

* VNC Client

ciscoasa(config)# import webvpn ?

exec mode commands/options:
  AnyConnect-customization  AnyConnect-customization
  customization             Configure customization file
  mst-translation           Configure MST component
  plug-in                   Configure plug-in options
  translation-table         Configure translation table
  url-list                  Configure a list of URLs for use with WebVPN
  webcontent                Configure webcontent
ciscoasa(config)# import webvpn plug-in ?

exec mode commands/options:
  protocol  Configure plug-in protocol
ciscoasa(config)# import webvpn plug-in protocol ssh ?

exec mode commands/options:
  WORD < 256 char  The URL containing data being imported
  stdin            Specifies that the data will be provided from stdin. If the
                   number of charcters is not specified after 'stdin' then the
                   data read from standard input is expected to be
                   base64-encoded followed by "\nquit\n".
ciscoasa(config)# import webvpn plug-in protocol ssh tftp://200.1.1.2/ssh.12.21.2013.jar
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
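
Added example, not from the original post or from Cisco: the help output above says the stdin form expects base64-encoded data followed by "\nquit\n", and this shell helper checks a plug-in JAR against a SHA-256 digest you already trust before producing that payload, which is worth doing because a TFTP transfer carries no authentication or integrity protection. The function names and the source of the trusted digest are assumptions.

```shell
#!/bin/sh
# Added example: prepare a plug-in JAR for
#   import webvpn plug-in protocol <protocol> stdin
# Hypothetical helper functions; not Cisco tooling.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# is_jar FILE -> succeeds if FILE starts with the ZIP magic bytes "PK\003\004"
is_jar() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "504b0304" ]
}

# build_stdin_payload FILE EXPECTED_SHA256
# Verifies FILE, then prints its base64 encoding followed by a "quit" line,
# the form the ASA help text describes. Nothing is printed if a check fails.
# EXPECTED_SHA256 is assumed to come from a source you trust (placeholder).
build_stdin_payload() {
    jar=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -r "$jar" ] || { echo "cannot read $jar" >&2; return 2; }

    actual=$(sha256_of "$jar")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $jar: got $actual" >&2
        return 1
    fi

    is_jar "$jar" || { echo "$jar is not a ZIP/JAR archive" >&2; return 1; }

    base64 "$jar"      # base64 output ends with a newline
    printf 'quit\n'    # so the stream ends with "\nquit\n"
}
```

Paste the resulting output into the ASA session after entering the stdin form of the import command.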








