Cisco Support Community
New Member

SSL VPN - Anyconnect or clientless

Hi,

I have heard that SSL VPN using the clientless feature is not as secure as using the AnyConnect client.

Is this true? If so, what is the concern and cause for this?

Thank You!

4 REPLIES

Re: SSL VPN - Anyconnect or clientless

Both clientless SSL VPN and AnyConnect are secure; both are based on SSL 128-bit encryption technology, otherwise the banking industry would not be using it for online banking.

http://www.ripnroll.com/ssl_security.htm

Regards

New Member

Re: SSL VPN - Anyconnect or clientless

The clientless mode is extremely limited. You can only use it for HTTP/HTTPS and a few TCP-only services using the Smart Tunnel feature. If you want to use applications that pass UDP packets, you need the AnyConnect client.

Hall of Fame Super Silver

Re: SSL VPN - Anyconnect or clientless

The original post asked if the clientless SSL VPN was less secure than the AnyConnect. To the extent that both are based on SSL processing and encryption of data I would believe that both are equally secure from a protocol standpoint.

I am doing a project for a customer in which we use AnyConnect and various users are assigned to different groups/profiles based on their network access requirements. The profiles assign unique ranges of IP addresses to the users. And we will use access control to limit network access based on which pool address (source address of the packet) is used. So perhaps we can say that there are some potential security controls available in AnyConnect that are not available for clientless SSL VPN.

HTH

Rick
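
Added example, not part of the original thread or of the project described above: access control keyed on the pool (source) address only holds if each address belongs to exactly one group's pool and each rule's source matches a single pool. The script below checks both on a constructed ASA-style config; the pool names, ACL name and addresses are hypothetical, and only `network mask` sources are parsed.

```python
import ipaddress
from itertools import combinations

# Constructed sample in ASA-style syntax; all names and addresses are hypothetical.
SAMPLE_CONFIG = """\
ip local pool POOL-ENG 10.10.10.1-10.10.10.254 mask 255.255.255.0
ip local pool POOL-VENDOR 10.10.20.1-10.10.20.126 mask 255.255.255.0
ip local pool POOL-HELPDESK 10.10.20.100-10.10.20.200 mask 255.255.255.0
access-list VPN-USERS extended permit ip 10.10.10.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list VPN-USERS extended permit tcp 10.10.0.0 255.255.0.0 10.1.5.0 255.255.255.0
"""

def parse(config):
    """Return ({pool: (first, last)}, [(rule_text, source_network)])."""
    pools, rules = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"]:
            first, last = (ipaddress.ip_address(a) for a in tok[4].split("-"))
            pools[tok[3]] = (first, last)
        elif tok[:1] == ["access-list"] and tok[2:4] == ["extended", "permit"]:
            # tok[4] is the protocol; tok[5] and tok[6] are source network and mask.
            rules.append((line.strip(), ipaddress.ip_network(f"{tok[5]}/{tok[6]}")))
    return pools, rules

def audit(config):
    pools, rules = parse(config)
    findings = []
    # Overlapping pools: one address could be handed to users of two groups.
    for (a, (a1, a2)), (b, (b1, b2)) in combinations(sorted(pools.items()), 2):
        if a1 <= b2 and b1 <= a2:
            findings.append(("pool-overlap", a, b))
    # A permit whose source covers several pools grants access to several groups.
    for text, src in rules:
        hit = sorted(name for name, (p1, p2) in pools.items()
                     if p1 <= src.broadcast_address and src.network_address <= p2)
        if len(hit) > 1:
            findings.append(("rule-spans-pools", text, tuple(hit)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample it reports the overlapping vendor and helpdesk pools and the `10.10.0.0/16` permit that matches all three pools.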

New Member

Re: SSL VPN - Anyconnect or clientless

There is a security issue with the Clientless modes IF you allow the clientless portal to connect to external untrusted sites.

http://www.kb.cert.org/vuls/id/261869

You can avoid this issue with good web ACLs and/or additional firewall rules that keep the gateway from connecting to external pages.

Whereas with AnyConnect you are likely going to avoid split tunnel and want to process all traffic from the remote clients so that it goes through your enterprise firewall rules.
