ASA – SSL

Cisco ISRs provide IPsec and SSL VPN capabilities. Specifically, ISRs are capable of supporting as many as 200 concurrent users. The Cisco ASA 5500 series provides IPsec and SSL VPN capabilities as well. However, the ASA 5500 series is Cisco's most advanced SSL VPN solution, capable of supporting concurrent user scalability from 10 to 10,000 sessions per device.

The ASA supports three types of remote-access VPNs:

- Clientless SSL VPN Remote Access (using a web browser)
- SSL or IPsec (IKEv2) VPN Remote Access (using Cisco AnyConnect client)
- IPsec (IKEv1) VPN Remote Access (using Cisco VPN client)

The ASA supports IKEv1 for connections from the legacy Cisco VPN client. IKEv2 is required for the AnyConnect VPN client. For IKEv2, it is possible to configure multiple encryption and authentication types, and multiple integrity algorithms for a single policy. With IKEv1, only one value can be set for each parameter per security policy.

The ASA provides two main deployment modes that are found in Cisco SSL VPN solutions:

- Clientless SSL VPN – Clientless, browser-based VPN that lets users establish a secure, remote-access VPN tunnel to the ASA using a web browser. After authentication, users access a portal page and can access specific, supported internal resources.
- Client-Based SSL VPN – Provides full tunnel SSL VPN connection but requires a VPN client application to be installed on the remote host.

When the AnyConnect client is pre-installed on the host, the VPN connection can be initiated by starting the application. Once the user authenticates, the ASA examines the revision of the client and upgrades it as necessary.

Depending on the ASA SSL VPN policy configured, when the connection terminates the AnyConnect client application will either remain installed on the host or it will uninstall itself.

If NAT is configured on the ASA, then a NAT exemption rule must be created for the configured IP address pool. Like IPsec, SSL client address pools must be exempt from the NAT process because NAT translation occurs before encryption functions. Click Next to continue.
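The following ASA CLI fragment is an added example, not part of the original notes. It puts the IKEv1 and IKEv2 policy difference and the NAT exemption for the client address pool side by side. It assumes ASA 9.x syntax with interfaces named inside and outside; every object name, pool name and address is constructed for illustration.

```cisco
! --- IKEv1: exactly one value per parameter in each policy ---
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
!
! --- IKEv2: several encryption and integrity values in one policy ---
! The peers negotiate the first mutually supported combination.
crypto ikev2 policy 10
 encryption aes-256 aes-192 aes
 integrity sha256 sha
 prf sha256 sha
 group 14
 lifetime seconds 86400
!
! --- Address pool handed out to SSL VPN clients (constructed range) ---
ip local pool SSL-POOL 192.168.100.10-192.168.100.50 mask 255.255.255.0
!
! --- Objects for the internal LAN and the network covering the pool ---
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network VPN-POOL-NET
 subnet 192.168.100.0 255.255.255.0
!
! --- NAT exemption (identity NAT): traffic between the LAN and the
! --- client pool keeps its real addresses instead of being translated
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL-NET VPN-POOL-NET no-proxy-arp route-lookup
!
! --- Dynamic PAT for ordinary Internet-bound traffic; the exemption
! --- above is a manual (section 1) rule, so it is evaluated first
object network INSIDE-PAT
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
```

After applying it, `show nat detail` lists the exemption rule with its hit counters, which should increase when a connected client reaches an internal host.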