I am working on the best option to set up remote access to our LAN. I have SSL via AnyConnect running now and I set up rules to only allow RDP traffic to certain systems. That's all I need and want for them, but I started fooling around with the clientless SSL feature and like the possibilities of the web bookmarks!
So what I was wondering is how it works basically, with smart tunnels or even just the basic portal apps. If I set up a portal page for a user that has links for RDP and a web page, does the ASA drop ALL other packets from the client (i.e. viruses, keyloggers/worms) by default, or do I need to rule all other traffic out as I have done for my AnyConnect setup? I noted that when looking at adding a smart tunnel link it states that all web traffic from a client will go over the SSL tunnel to our LAN and then out? I.e. kind of like a non-split-tunnel setup.
In short, I want to ensure that only traffic gets sent to LAN via a clientless SSL session for the specified apps and nothing else, and preferably maintain my split-tunnel type setup that the full SSL setup has.