The SSL VPN (also known as WebVPN) provides support for remote user access to protected networks from anywhere on the Internet. Remote access is provided through a Secure Sockets Layer (SSL)-enabled SSL VPN gateway. The SSL VPN gateway allows remote users to establish a secure Virtual Private Network (VPN) tunnel using a web browser. This feature provides a comprehensive solution that allows easy access to a broad range of web resources and web-enabled applications using native HTTP over SSL (HTTPS) browser support. SSL VPN delivers three modes of SSL VPN access:
The remote user accesses the internal or corporate network using the web browser on the client machine. The PC of the remote user must run the Windows 2000, Windows XP, or Linux operating systems. The following applications are supported in clientless mode:
Web browsing (using HTTP and secure HTTP [HTTPS])
Provides a URL box and a list of web server links in the portal page that allows the remote user to browse the web.
File sharing (using common Internet file system [CIFS])
Provides a list of file server links in the portal page that allows the remote user to do the following operations:
Browse a network (listing of domains)
Browse a domain (listing of servers)
Browse a server (listing of shares)
List the files in a share
Create a new file
Create a directory
Rename a directory
Update a file
Download a file
Remove a file
Rename a file
Web-based e-mail, such as Microsoft Outlook Web Access (OWA) 2003 (using HTTP and HTTPS) with Web Distributed Authoring and Versioning (WebDAV) extensions; provides a link that allows the remote user to connect to the Exchange server and read web-based e-mail.
Thin-client mode, also called TCP port forwarding, assumes that the client application uses TCP to connect to a well-known server and port. In thin-client mode, the remote user downloads a Java applet by clicking the link provided on the portal page, or the Java applet is downloaded automatically. The Java applet acts as a TCP proxy on the client machine for the services that you configure on the gateway. The applications that are supported in thin-client mode are mainly e-mail-based (SMTP, POP3, and Internet Message Access Protocol version 4 [IMAP4]) applications. The Java applet initiates an HTTP request from the remote user client to the SSL VPN gateway. The name and port number of the internal e-mail server are included in the HTTP request (POST or CONNECT). The SSL VPN gateway creates a TCP connection to that internal e-mail server and port. The Java applet starts a new SSL connection for every client connection.
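Because the applet's request names the internal server and port, a gateway that forwards it should connect only to the services configured for port forwarding. The following Python is an added example, not Cisco's code and not part of the original page; it covers the CONNECT form only, and the host names, the allowlist and the function names are assumptions made for illustration.

```python
from typing import NamedTuple, Optional


class Target(NamedTuple):
    host: str
    port: int


# Constructed sample: services an administrator has configured for
# forwarding. Host names are placeholders, not values from the page.
CONFIGURED_SERVICES = {
    ("mail.example.internal", 25),   # SMTP
    ("mail.example.internal", 110),  # POP3
    ("mail.example.internal", 143),  # IMAP4
}


def parse_connect(request_line: str) -> Optional[Target]:
    """Parse 'CONNECT host:port HTTP/1.x'; return None if malformed."""
    parts = request_line.strip().split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/1."):
        return None
    host, sep, port = parts[1].rpartition(":")
    # Reject a missing port, an empty host and non-ASCII digit strings.
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        return None
    # Normalise case and a trailing dot so comparisons are exact.
    return Target(host.lower().rstrip("."), port_num)


def authorize(request_line: str, allowed=CONFIGURED_SERVICES) -> bool:
    """Allow the forward only if the target is a configured service."""
    target = parse_connect(request_line)
    return target is not None and target in allowed


if __name__ == "__main__":
    for line in (  # constructed request lines
        "CONNECT mail.example.internal:110 HTTP/1.1",
        "CONNECT 10.0.0.5:22 HTTP/1.1",
    ):
        print(line, "->", "forward" if authorize(line) else "deny")
```

Denied requests are worth logging with the authenticated user and the requested target, since a target outside the configured list means the client asked for something the portal never offered.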
In a typical clientless remote access scenario, remote users establish an SSL tunnel to move data to and from the internal networks at the application layer (for example, web and e-mail). In full tunnel mode, remote users use an SSL tunnel to move data at the network (IP) layer. Therefore, full tunnel mode supports most IP-based applications. Full tunnel mode supports many popular corporate applications (for example, Microsoft Outlook, Microsoft Exchange, Lotus Notes E-mail, and Telnet). The tunnel connection is determined by the group policy configuration. The Cisco AnyConnect VPN Client is downloaded and installed on the remote user PC, and the tunnel connection is established when the remote user logs into the SSL VPN gateway. By default, the Cisco AnyConnect VPN Client is removed from the client PC after the connection is closed.
Q: Does the clientless solution require anything other than an SSL-capable browser?
A: Clientless VPN, i.e., the WebVPN client, needs only an SSL-enabled web browser to access HTTP- or HTTPS-enabled web servers on the corporate LAN. For reference, please check the following link's introduction.
The thin-client SSL VPN client needs to download a small Java-based applet and allows secure access for Transmission Control Protocol (TCP) applications that use static port numbers. Here is a link for thin-client: