When the number of users requiring secure access into private internal networks grew over the last several years, what grew with it was the use of Virtual Private Networks (VPNs) for remote access. However, many people tend to associate VPNs as being a complex challenge to configure that also requires specialized hardware or software on the client side of the connection.
While this may have been true over 10 years ago, the VPN solutions that are now possible avoid this complexity; and in the case of the Clientless SSL feature, eliminates the hardware and/or software client requirements as well.
This article takes a look at Cisco's Clientless SSL feature by discussing some of the possible actions that it can support and providing the configuration commands that would be used to enable it to function on the Adaptive Security Appliance (ASA) platform.
ASA Clientless SSL VPN
Unlike other common VPN client solutions, the Clientless SSL VPN does not require that a client download and install a VPN client, all communications to the central location (where the ASA is located) are done via Secure Socket Layer (SSL) or its successor, Transport Layer Security (TLS).
Because it is the same protocol that is used for common secure web browsing, the chance of there being a conflict with the accessing device's Internet connection provider is very low (which can be a problem with some forms of VPN implementation).
There are a large number of resources that can be configured to be accessible via the Clientless SSL feature, including the following:
- Internal websites
- Web-enabled applications
- Active Directory file shares
- Email proxies (POP3S, IMAP4S, and SMTPS)
- Microsoft Outlook Web Access
- Application access via port forwarding, applet, or Smart tunnel
There are certainly a vast number of different ways that the Clientless SSL feature can be configured. For the purposes of this article, only a limited subset of these will be shown to give you a taste of the possibilities that exist with the feature (and enable the article to not become a book).