I am looking for the equivalent of a network-based VPN solution - in terms of functionality - but SSL-based so that a client is not necessary.
So, with network VPN, a client establishes a session with a concentrator, which terminates the VPN connection, then the client is authenticated, and then assigned a local IP address from the LAN pool.
I want all that functionality, but in the form of SSL. So, what I am envisioning is opening a browser, entering an IP address of the SSL appliance that will terminate the connection, then get authenticated and assigned an address. Hopefully, I can get the SSL appliance to do local authentication and local DHCP services, because the company does not own separate AAA or AD servers, nor do they have a DHCP server.
Cisco offers both clientless SSL VPN as well as AnyConnect (previously called SVC: SSL VPN client).
Note that the AnyConnect client does not need to be pre-installed (it can be but it doesn't have to be).
I.e. you can connect with a browser to the IOS router or ASA firewall, authenticate, the client will automatically install on your local machine, it will connect (using SSL) and get an IP address assigned, and when you're done it will either remain installed or clean itself up (depending on how you configure it).