
SSL VPN - Anyconnect or clientless

suthomas1

Hi,

I have heard that SSL VPN using the clientless feature is not as secure as using the AnyConnect client.

Is this true? If so, what is the concern and the cause for this?

Thank You!


JORGE RODRIGUEZ

Both clientless SSL VPN and AnyConnect are secure; both are based on SSL 128-bit encryption technology, otherwise the banking industry would not be using it for online banking.

http://www.ripnroll.com/ssl_security.htm

Regards

Jorge Rodriguez

The Clientless mode is extremely limited. You can only use it for http/https and a few TCP-only services using the Smart Tunnel feature. If you want to use applications that pass UDP packets, you need the AnyConnect client.

The original post asked if the clientless SSL VPN was less secure than the AnyConnect. To the extent that both are based on SSL processing and encryption of data I would believe that both are equally secure from a protocol standpoint.

I am doing a project for a customer in which we use AnyConnect and various users are assigned to different groups/profiles based on their network access requirements. The profiles assign unique ranges of IP addresses to the users. And we will use access control to limit network access based on which pool address (source address of the packet) is used. So perhaps we can say that there are some potential security controls available in AnyConnect that are not available for clientless SSL VPN.

HTH

Rick
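An added example, not part of the original posts: a Python sketch of the pool-based access control described in the reply above, which only works if each group's address pool is disjoint and every permit rule is scoped to a single pool. Group names, address ranges, and rules are constructed for illustration.

```python
import ipaddress

# Constructed sample data: group names, pools and rules are hypothetical.
POOLS = {
    "engineering": "10.10.10.0/24",
    "contractors": "10.10.20.0/24",
}
# (action, source network, destination network); first match wins.
ACL = [
    ("permit", "10.10.10.0/24", "192.168.0.0/16"),
    ("permit", "10.10.20.0/24", "192.168.50.10/32"),
]

def overlapping_pools(pools):
    """Pairs of groups whose pools overlap; any overlap makes the
    source address useless for telling the groups apart."""
    nets = {g: ipaddress.ip_network(c) for g, c in pools.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def group_for(src, pools):
    """Map a packet's source address back to the group whose pool issued it."""
    addr = ipaddress.ip_address(src)
    for group, cidr in pools.items():
        if addr in ipaddress.ip_network(cidr):
            return group
    return None

def allowed(src, dst, acl):
    """First-match evaluation with an implicit deny at the end."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False

def unscoped_rules(acl, pools):
    """Permit rules whose source is not contained in a single pool,
    i.e. rules that grant access to more than one group at once."""
    pool_nets = [ipaddress.ip_network(c) for c in pools.values()]
    return [r for r in acl if r[0] == "permit"
            and not any(ipaddress.ip_network(r[1]).subnet_of(p) for p in pool_nets)]

if __name__ == "__main__":
    print("overlaps:", overlapping_pools(POOLS))
    print("unscoped rules:", unscoped_rules(ACL, POOLS))
    for src, dst in [("10.10.20.7", "192.168.50.10"), ("10.10.20.7", "192.168.1.5")]:
        print(group_for(src, POOLS), src, "->", dst, allowed(src, dst, ACL))
```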


There is a security issue with the Clientless modes IF you allow the clientless portal to connect to external untrusted sites.

http://www.kb.cert.org/vuls/id/261869

You can avoid this issue with good web ACLs and/or additional firewall rules that keep the gateway from connecting to external pages.

Whereas with AnyConnect you are likely going to avoid split tunnel and want to process all traffic from the remote clients so that it goes through your enterprise firewall rules.
