Solved: Re: Client SSL Vpn question`

jmartina42 · ‎03-17-2012

not sure if this is possible /device asa 5550 - But can a Client establish a SSL VPN to remote network and devices on the remote network access local network printers?

so you got one client one network A that creates a SSL VPN to network B , can network B be configured so that automatic job come across the same ssl vpn to a Different IP?

Julio Carvajal · ‎03-17-2012

I do not know if its just me but I do not understand what you mean with this:

so you got one client one network A that creates a SSL VPN to network B , can network B be configured so that automatic job come across the same ssl vpn to a Different IP?

Can you try it to explain it one more time?

Now, I think you are saying the following, please look this:

HQ----ASA----INTERNET----------Office2

Now the Office2 will do a clientless SSL vpn to the ASA and afterwards you want the HQ to be able to contact some printers or servers on office 2 via the clientless SSL vpn, If that is the question the answer is NO. the clientless SSL vpn will only allow traffic to go from office2 to the HQ, and not all traffic, it will depend on what you use to configure the clientless ssl ( Smart tunnels, Port-forwarding,Plugins).

Again I am not sure if that was the question.

Regards,

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎03-17-2012

I do not know if its just me but I do not understand what you mean with this:

so you got one client one network A that creates a SSL VPN to network B , can network B be configured so that automatic job come across the same ssl vpn to a Different IP?

Can you try it to explain it one more time?

Now, I think you are saying the following, please look this:

HQ----ASA----INTERNET----------Office2

Now the Office2 will do a clientless SSL vpn to the ASA and afterwards you want the HQ to be able to contact some printers or servers on office 2 via the clientless SSL vpn, If that is the question the answer is NO. the clientless SSL vpn will only allow traffic to go from office2 to the HQ, and not all traffic, it will depend on what you use to configure the clientless ssl ( Smart tunnels, Port-forwarding,Plugins).

Again I am not sure if that was the question.

Regards,

Julio

Do rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

jmartina42 · ‎03-17-2012

Yes sorry if i worded it wrong. But yeah office2 uses the ssl vpn to HQ then in HQ there are print daemons that need to send jobs to print q's in office2 (network printer on office2 lan) that make sense?

And Site to Site is the option for this instead of ssl vpn since we need HQ to communicate back to office2 lan. This is what i thought i was told by someone it could be done, well its been few years since i did hand on cisco and ssl vpn in 2007 was newer atleast the anyconnect or something so i never really got the hands on....i told them site to site from day one thanks for your answer

Julio Carvajal · ‎03-18-2012

Hello,

Glad I could help.

Let me know if you have any other questions.

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

jmartina42 · ‎03-18-2012

One more question, is there another kind of SSL VPN that they could be referring to?

Julio Carvajal · ‎03-18-2012

Hello,

Noup we have only clientless SSL and for SSL client we only have the Anyconnect client witch is a tunnel all VPN.

Any other question, just let me know.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC