[...]... 82 Cisco SSL VPN Family of Products 85 Overview of Cisco SSL VPN Product Portfolio Cisco ASA 5500 Series 87 SSL VPN History on Cisco ASA 87 SSL VPN Specifications on Cisco ASA SSL VPN Licenses on Cisco ASA 89 85 88 Cisco IOS Routers 90 SSL VPN History on Cisco IOS Routers 90 SSL VPN Licenses on Cisco IOS Routers 90 Summary Chapter 5 91 SSL VPNs on Cisco ASA 93 SSL VPN Design Considerations 93 SSL VPN... 14 Chapter 1: Introduction to Remote Access VPN Technologies is not a widely deployed remote access technology because of security flaws in its protocol implementation Remote access technologies can be selected depending on the security policy set by your enterprise Table 1-1 summarizes the remote access technologies that were discussed in this chapter Table 1-1 Remote Access VPN Technologies Summary... remote access VPN protocols are SSL VPN, IPsec, L2TP, L2TP over IPsec, and PPTP Figure 1-2 shows a deployment model in which different types of remote users are using the remote access VPN technologies The figure illustrates a mobile user, a home-office user, and a number of small branch office users accessing corporate resources using the remote access protocols Figure 1-2 Remote Access Deployment Mobile User... Protocol (L2TP) over IPsec, and SSL VPN, are discussed to provide readers with an overview of the available remote access VPN technologies Chapter 2, SSL VPN Technology”: This chapter provides a technology overview of the building blocks of SSL VPNs, including cryptographic algorithms, SSL and Transport Layer Security (TLS), and common SSL VPN technologies xix • • Part II, SSL VPN Design Considerations... VPN Context 239 Step 3: Configuring SSL VPN Look and Feel 241 Step 4: Configuring SSL VPN Group Policies 245 Advanced SSL VPN Features 247 Configuring Clientless SSL VPNs 247 Windows File Sharing 253 Configuring Application ACL 257 Thin Client SSL VPNs 259 Step 1: Defining Port-Forwarding Lists 261 Step 2: Mapping Port-Forwarding Lists to a Group Policy 262 AnyConnect SSL VPN Client 264 Step 1: Loading... Certification SSL and TLS 30 SSL and TLS History 30 SSL Protocols Overview 31 OSI Layer Placement and TCP/IP Protocol Support 31 SSL Record Protocol and Handshake Protocols 33 SSL Connection Setup 34 Application Data 42 Case Study: SSL Connection Setup 43 DTLS 48 25 xi SSL VPN 49 Reverse Proxy Technology 50 URL Mangling 52 Content Rewriting 53 Port-Forwarding Technology 55 Terminal Services 58 SSL VPN Tunnel...x Contents Introduction Chapter 1 xviii Introduction to Remote Access VPN Technologies 3 Remote Access Technologies 5 IPsec 5 Software-Based VPN Clients 7 Hardware-Based VPN Clients 7 SSL VPN 7 L2TP 9 L2TP over IPsec PPTP 13 Summary Chapter 2 11 14 SSL VPN Technology 17 Cryptographic Building Blocks of SSL VPNs 17 Hashing and Message Integrity Authentication 17 Hashing 18 Message... 220 SSL VPNs on Cisco IOS Routers 223 SSL VPN Design Considerations IOS SSL VPN Prerequisites 225 223 215 206 xv IOS SSL VPN Configuration Guide 226 Configuring Pre -SSL VPN Setup 226 Setting Up User Authentication 226 Enrolling Digital Certificates (Recommended) 229 Loading SDM (Recommended) 232 Initial SSL VPN Configuration 235 Step 1: Setting Up an SSL VPN Gateway 237 Step 2: Setting Up an SSL VPN... select a remote access VPN technology that meets the needs and requirements of your organization, this chapter provides an overview of the different technologies The remote access VPN technologies discussed included IPsec, SSL VPN, L2TP, L2TP over IPsec, and PPTP This page intentionally left blank This chapter describes the following topics: • • • Background SSL and TLS SSL VPN CHAPTER 2 SSL VPN Technology... directly to the network This mode requires you to use a dynamically downloadable SSL VPN client before access is granted To learn more about SSL VPN and the three deployment modes, consult Chapter 2, SSL VPN Technology.” SSL VPN offers the advantage that it is platform independent Using any browser that supports SSL, you can access resources without worrying about the underlying operating system Secondly, . Street Indianapolis, IN 46240 USA Cisco Press SSL Remote Access VPNs Jazib Frahim, CCIE No. 5459 Qiang Huang, CCIE No. 4937 ii SSL Remote Access VPNs Jazib Frahim, Qiang Huang Copyright©. Family of Products 85 Chapter 5 SSL VPNs on Cisco ASA 93 Chapter 6 SSL VPNs on Cisco IOS Routers 223 Chapter 7 Management of SSL VPNs 313 Index 332 x Contents Introduction