Extending the Clientless SSL VPN Features
-Plugins for remote access
-Smart Tunnel specific programs
To restrict Clientless users, we can filter using webtype ACLs.
If a user wants FTP, CIFS and HTTPS, Clientless SSL VPN is great.
If a user wants to access a specific server and use Remote Desktop (RDP) to it, this is not possible with native Clientless SSL VPN.
To achieve this, we can install a plugin on the ASA; the plugin adds functionality so that we can use RDP.
Assign this ASA to the group of which the user is a member, so that when the client connects with SSL VPN the user will have the option of RDP.
If a user wants an SSH connection to some server on the internal network, we can install the SSH plugin on the ASA. This also supports Telnet by default.
SSH and Telnet should not be allowed to everyone. We should provide such access only to admins.
For ease of browsing, we can create bookmarks.
Navigate to the path below in ASDM to install a plugin:
Configuration -> Remote Access VPN -> Clientless SSL VPN Access -> Portal -> client server plugin
We do not need admin rights to install plugins.
We can also restrict users from accessing all these protocols. We can disable the address bar for them and provide specific bookmarks instead. We can also create a web ACL for a certain group.
Smart Tunnel:
What if a user wants to install an application like RDP locally on the hard disk and communicate with the internal network?
The solutions are Port Forwarding, which is the old way, and Smart Tunneling.
When the user wants to communicate with an internal server using RDP, the traffic will flow through the tunnel.
Navigate to the path below in ASDM for Smart Tunnel:
Configuration -> Remote Access VPN -> Clientless SSL VPN Access -> Portal -> Smart Tunnel
How to create a message digest for a certain process in Windows:
Open cmd:
fciv -sha1 c:\windows\system32\mstsc.exe
Now we need to apply the smart tunnel to a certain group:
group-policy Sales-Group attributes
 webvpn
  smart-tunnel enable RDP-local
exit
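
Added example, not from the original post: a Python equivalent of the fciv step that computes the SHA-1 of the executable, builds a matching entry for the RDP-local smart tunnel list, and flags when the binary on disk no longer matches the hash in that entry. The application name mstsc, the helper names and the stand-in file are assumptions, and the entry is assumed to follow the ASA form smart-tunnel list <list> <application> <path> [hash].

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX40 = re.compile(r"^[0-9a-f]{40}$")  # a SHA-1 digest in hex

def sha1_of_file(path, chunk=65536):
    """SHA-1 over the file bytes, the digest `fciv -sha1 <file>` reports."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def smart_tunnel_entry(list_name, app_name, exe_path, digest):
    """Build the list entry that ties the executable to one hash (assumed form)."""
    digest = digest.strip().lower()
    if not HEX40.match(digest):
        raise ValueError("expected a 40-character hex SHA-1 digest")
    return f"smart-tunnel list {list_name} {app_name} {exe_path} {digest}"

def pinned_hash(entry):
    """Return the hash at the end of a smart-tunnel list entry, or None."""
    last = entry.split()[-1].lower()
    return last if HEX40.match(last) else None

def hash_drifted(entry, exe_path):
    """True when the file on disk no longer matches the hash in the entry,
    for example after an update replaced the executable."""
    pinned = pinned_hash(entry)
    return pinned is not None and pinned != sha1_of_file(exe_path)

if __name__ == "__main__":
    # Constructed stand-in for mstsc.exe so the example runs on any machine.
    with tempfile.TemporaryDirectory() as d:
        exe = Path(d) / "mstsc.exe"
        exe.write_bytes(b"abc")
        entry = smart_tunnel_entry("RDP-local", "mstsc", "mstsc.exe",
                                   sha1_of_file(exe))
        print(entry)
        exe.write_bytes(b"abc patched")  # simulate an updated binary
        print("re-hash needed:", hash_drifted(entry, exe))
```
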