Clientless SSL VPN

Unanswered Question
Feb 4th, 2008

Good afternoon,

I am looking for a complete way to set up the Cisco ASA 5520 into a clientless VPN setup. My goal is to have my clients use http or https from their Remote Connection. I would like a page to pop up and ask them for authentication via RADIUS and Windows NT login. Then I would like for them to have access to whatever they would have access to with our IPSEC VPN client.

If this will not be possible, what are my options? If i use the AnyConnect, isn't that an agent client?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
husycisco Mon, 02/04/2008 - 11:15

Hi Dwane

For achieving exactly what you want, you have to upgrade your IOS to 8.x and ASDM 6.x first for importing RDP plugin. Then read the following articles to configure Web VPN

First Config

Importing RDP plugin

You dont need anyconnect.

Keep in mind that you need SSL VPN client license for more than 2 sessions.


dpatkins Mon, 02/04/2008 - 11:21

I appreciate the response and will look at these documnets. RDP Plugin is for Remote Desktop? While alot of our users do use the Remote Desktop procedure, that does not always work. If one uses a laptop both at work and at home, they really have no where to Remote Desktop too, correct? Or am I off the mark on this one?



husycisco Mon, 02/04/2008 - 11:31

Web VPN does not offer a direct IP connectivity that you can not use Remote Desktop (mstsc) software to connect to your client. You have to do this on Web Interface.

"If one uses a laptop both at work and at home, they really have no where to Remote Desktop too, correct"

I couldnt understand this one

dpatkins Mon, 02/04/2008 - 12:13

The point I was trying make is--I am using a laptop here at work right now. When I go home and use my Cisco VPN client to VPN in, I do not need to utilize remote desktop since I have my laptop configure to work as I would want it to remotely. Basically, I do not need to use Remote Desktop.

I guess it is safe to assume that no Cisco product right will allow us to use a SSL VPN which we can web in, authenticate and have access?

Thank again for the input.


m-ketchum Mon, 02/11/2008 - 18:49

Sure there is. You need to be specific in what services you want.

You have 4 options:

Clientless SSL VPN (WebVPN)-Provides a remote client that requires an SSL-enabled Web browser to access HTTP or HTTPS Web servers on a corporate local-area network (LAN). In addition, clientless SSL VPN provides access for Windows file browsing through the Common Internet File System (CIFS) protocol. Outlook Web Access (OWA) is an example of HTTP access.

Thin-Client SSL VPN (Port Forwarding)-Provides a remote client that downloads a small Java-based applet and allows secure access for Transmission Control Protocol (TCP) applications that use static port numbers. Point of presence (POP3), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), secure shell (ssh), and Telnet are examples of secure access. Because files on the local machine change, users must have local administrative privileges to use this method. This method of SSL VPN does not work with applications that use dynamic port assignments, such as some file transfer protocol (FTP) applications.

SSL VPN Client (Tunnel Mode)-Downloads a small client to the remote workstation and allows full secure access to resources on an internal corporate network. You can download permanently the SSL VPN Client (SVC) to a remote workstation, or you can remove the client once the secure session is closed.

Anyconnect - SSL VPN Client on steroids. ASA software 8.0 required.

ryderse69 Wed, 02/13/2008 - 14:28

I have two Cisco 3000's that I need to setup to allow remote users RDP access to their desktops.

I don't think Web VPN will work for this because RDP is not a Web App. Is that correct?

If so, what solution is recommended for what I need?

Thanks in advance,



This Discussion