Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 31 Managing Dynamic Access Policies for Remote Access VPNs (ASA 8.0+ Devices)
Dynamic Access Page (ASA)
URL Entry
Using SSL VPN does not ensure that communication with every site is
secure. SSL VPN ensures the security of data transmission between the
remote user’s PC or workstation and the security appliance on the
corporate network. If a user then accesses a non-HTTPS web resource
(located on the Internet or on the internal network), the communication
from the corporate security appliance to the destination web server is
not secured.
In a clientless VPN connection, the security appliance acts as a proxy
between the end user web browser and target web servers. When a user
connects to an SSL-enabled web server, the security appliance
establishes a secure connection and validates the server SSL certificate.
The end user browser never receives the presented certificate, so it
cannot examine and validate the certificate. The current
implementation of SSL VPN does not permit communication with sites
that present expired certificates. Neither does the security appliance
perform trusted CA certificate validation. Therefore, users cannot
analyze the certificate an SSL-enabled web-server presents before
communicating with it.
Specify how the URL entry setting must be configured on the portal
page:
Unchanged—Uses values from the group policy that applies to
this session.
Enable—Allows a user to enter HTTP/HTTPS URLs on the
portal page. If this feature is enabled, users can enter web addresses
in the URL entry box, and use clientless SSL VPN to access those
websites.
Disable—Prevents a user from entering HTTP/HTTPS URLs on
the portal page.
Note: To limit Internet access for users, select Disable for the URL
Entry field. This prevents SSL VPN users from surfing the Web
during a clientless VPN connection.
Port Forwarding tab—Lets you select and configure port forwarding lists for user sessions.
Note: Port Forwarding does not work with some SSL/TLS versions.
Caution: Make sure Sun Microsystems Java Runtime Environment (JRE) 1.4+ is installed on the
remote computers to support port forwarding (application access) and digital certificates.
Table 31-5 Add/Edit Dynamic Access Policy Dialog Box > Main Tab (Continued)
Element Description
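One way to audit the URL Entry setting described above across a deployed device configuration. This is an added example, not part of the Cisco manual. It assumes the ASA running-config shows each policy as a `dynamic-access-policy-record` block with a `webvpn` sub-block containing `url-entry enable|disable`, and it treats a record with no `url-entry` line as Unchanged; the sample configuration and policy names are constructed.

```python
# Constructed sample in ASA running-config style (assumed syntax, not from the manual).
SAMPLE_CONFIG = """\
group-policy Contractors attributes
 webvpn
  url-entry enable
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record Contractors-DAP
 priority 10
 webvpn
  url-entry disable
dynamic-access-policy-record Staff-DAP
 webvpn
  url-entry enable
  file-browsing disable
dynamic-access-policy-record Partner-DAP
 webvpn
  file-browsing disable
"""

def url_entry_by_dap(config_text):
    """Map each DAP record name to 'enable', 'disable' or 'unchanged'."""
    result = {}
    current = None       # DAP record currently being parsed, if any
    in_webvpn = False    # True while inside that record's webvpn sub-block
    for line in config_text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        words = line.split()
        if indent == 0:
            # Any top-level line closes the previous block.
            in_webvpn = False
            if words[0] == "dynamic-access-policy-record" and len(words) >= 2:
                current = words[1]
                # Assumption: no url-entry line means the group policy value applies.
                result[current] = "unchanged"
            else:
                current = None   # e.g. group-policy blocks are ignored here
        elif current and indent == 1:
            in_webvpn = words == ["webvpn"]
        elif current and in_webvpn and len(words) == 2 and words[0] == "url-entry":
            if words[1] in ("enable", "disable"):
                result[current] = words[1]
    return result

def needs_review(config_text):
    """DAP records that do not explicitly disable URL entry."""
    return sorted(n for n, v in url_entry_by_dap(config_text).items() if v != "disable")
```

Records reported as `unchanged` still need the applicable group policy checked, since that is where their effective URL entry value comes from.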