Recently I have been handed an SA-540 to replace our old 1811W for routing and security. Currently we have everyone dialing in using Cisco VPN, and the same person who gave me the device would like to use the One-Time Password from Verisign. Now then, the interesting parts. Many of our users are located at sites that have very locked-down networks. By default, all ports are closed and only those needed for VPN access are opened. So,
1. What ports are required to be open on the network to allow connection and traffic flow for the SSL VPN on the SA-540? Is the Java app the only way for the SSL VPN to work on this device?
2. Many of these users wish to be able to access the internet after connecting to the VPN by using our gateway. I know that with most Cisco devices (like the ASA 5505) you can tell it not to split tunnel and set up global NAT. Is it possible to achieve this on the SA-540? At this point we're having everyone RDP into a local machine here, but that is slow and it causes their systems to essentially be dumb terminals.
Thank you in advance for the help... I have people breathing down my neck to get this in place, but I need to make sure my clients will still be able to operate before I pull the trigger.