SSL remote access VPNs are a relatively new type of VPN (although the protocol itself is not new). They have a number of advantages and disadvantages when compared to other types of remote access VPN: no specific client software is required by the remote access user (only a web browser is required); only limited functionality is offered by clientless SSL remote access VPNs (although more functionality can be achieved using the Cisco SSL VPN Client); little configuration is required on firewalls and NAT devices because HTTPS is typically permitted and SSL is carried over TCP; and SSL VPNs, if not correctly configured, can introduce vulnerabilities into a corporate network because of the untrusted locations from which they can allow access.
The operation of SSL remote access VPNs can include the basic RSA handshake, the RSA handshake with client authentication, resumption of an SSL session, and closing an SSL connection.
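As an added example (not from the book or from Cisco), the following Python decodes the on-the-wire form of the handshake elements named above from a constructed byte stream: the TLS record header, the handshake message header, a ClientHello whose non-empty session ID marks it as a session resumption attempt, and the close_notify alert that performs the orderly close. The record and message layouts follow the TLS 1.0 specification; the sample bytes, the `build_client_hello` helper, and the `summarize` function are constructed for this example only.

```python
"""Decode TLS record and handshake headers from a constructed byte stream.

Added example (not from the book): illustrates the handshake messages named
in the chapter summary. A ClientHello with a non-empty session ID is a
resumption attempt; an alert with description 0 (close_notify) is the
orderly close of the connection.
"""
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {
    0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
    12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
    15: "certificate_verify", 16: "client_key_exchange", 20: "finished",
}
# RSA key-exchange suites used in the constructed sample (IANA registry values)
CIPHER_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
                 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
                 0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}


def parse_records(stream: bytes) -> list:
    """Split a raw byte stream into TLS records: 5-byte header + fragment."""
    records, off = [], 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        off += 5
        fragment = stream[off:off + length]
        if len(fragment) != length:
            raise ValueError("truncated record fragment")
        off += length
        records.append({"type": CONTENT_TYPES.get(ctype, ctype),
                        "version": (major, minor), "fragment": fragment})
    return records


def parse_handshake(fragment: bytes) -> list:
    """Split a handshake fragment into messages: 1-byte type, 3-byte length, body."""
    msgs, off = [], 0
    while off < len(fragment):
        htype = fragment[off]
        length = int.from_bytes(fragment[off + 1:off + 4], "big")
        body = fragment[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake message")
        off += 4 + length
        msgs.append({"type": HANDSHAKE_TYPES.get(htype, htype), "body": body})
    return msgs


def parse_client_hello(body: bytes) -> dict:
    """Decode the ClientHello fields that distinguish a fresh handshake from resumption."""
    version = (body[0], body[1]); off = 2
    client_random = body[off:off + 32]; off += 32
    sid_len = body[off]; off += 1
    session_id = body[off:off + sid_len]; off += sid_len
    cs_len = struct.unpack_from("!H", body, off)[0]; off += 2
    suites = [struct.unpack_from("!H", body, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    comp_len = body[off]; off += 1
    return {"version": version, "random": client_random, "session_id": session_id,
            "resumption_attempt": sid_len > 0,   # non-empty session ID: client asks to resume
            "cipher_suites": [CIPHER_SUITES.get(s, hex(s)) for s in suites],
            "compression": list(body[off:off + comp_len])}


def parse_alert(fragment: bytes) -> dict:
    """Decode a 2-byte alert; description 0 is close_notify (orderly connection close)."""
    level, desc = fragment[0], fragment[1]
    return {"level": {1: "warning", 2: "fatal"}.get(level, level),
            "description": "close_notify" if desc == 0 else desc}


def build_client_hello(session_id: bytes, suites: list) -> bytes:
    """Construct a TLS 1.0 ClientHello record (sample input for this example only)."""
    body = bytes([3, 1]) + bytes(range(32)) + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += bytes([1, 0])  # one compression method: null
    hs = bytes([1]) + len(body).to_bytes(3, "big") + body
    return bytes([22, 3, 1]) + struct.pack("!H", len(hs)) + hs


# Constructed sample: a resumption ClientHello followed by a warning-level close_notify alert
SAMPLE_STREAM = (build_client_hello(b"\x11" * 8, [0x002F, 0x0035])
                 + bytes([21, 3, 1, 0, 2, 1, 0]))


def summarize(stream: bytes) -> list:
    """Return one tuple per message describing what the stream contains."""
    out = []
    for rec in parse_records(stream):
        if rec["type"] == "handshake":
            for msg in parse_handshake(rec["fragment"]):
                if msg["type"] == "client_hello":
                    ch = parse_client_hello(msg["body"])
                    out.append(("client_hello", ch["resumption_attempt"], ch["cipher_suites"]))
                else:
                    out.append((msg["type"],))
        elif rec["type"] == "alert":
            a = parse_alert(rec["fragment"])
            out.append(("alert", a["level"], a["description"]))
        else:
            out.append((rec["type"],))
    return out


if __name__ == "__main__":
    for entry in summarize(SAMPLE_STREAM):
        print(entry)
```

The same record and handshake framing carries the certificate_request and certificate_verify messages of the client-authentication variant, which is why the handshake type table includes them; only the ClientHello body is decoded in full here, because its session ID is what separates a full RSA handshake from a resumption.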
SSL remote access VPNs come in two basic forms: clientless SSL remote access VPNs, and SSL remote access VPNs using specific client software. Clientless SSL remote access VPNs can provide file and web server (URL) access, port forwarding, and e-mail proxy, whereas the Cisco SSL VPN Client provides access comparable to that provided by IPsec and L2TP/IPsec remote access VPNs.
As previously discussed, SSL remote access VPNs can potentially introduce vulnerabilities into a corporate network, but these can be addressed via the implementation of the Cisco Secure Desktop. The Cisco Secure Desktop has various modules, including Cache Cleaner, VPN Feature Policy, and the Secure Desktop itself, each of which can address different types/levels of potential vulnerability.