I'm new to the ASA and I'm trying to figure out the specific functional differences between the thin client WebVPN approach and the full SSL VPN client approach. I've scoured every piece of Cisco documentation I can find and I haven't found the answer. I need to know because I think we're running into a problem that may be fixable by switching to the full SVC. We are currently using the thin client.
SVC is the latest development in Cisco SSL VPN, which works similarly to the IPsec VPN client you would have worked with before. The only difference is that you do not need to install any SVC client on your PC. Once you HTTPS onto the ASA box, and if the authentication succeeds, the ASA automatically pushes this client onto your PC. Once the connection is established, you will get an IP address on your laptop from the pool configured in the ASA. This is the key difference. Once you get an IP, you are inside your VPN network and can access any application...
With the thin client -> WebVPN model, you will not be assigned any IP address. The TCP forwarding rules are downloaded from the ASA to your client over a Java page. Any request to the servers specified on that list goes through the SSL VPN connection and the ASA PROXIES ALL THE REQUESTS... so, no IP address in this case on your laptop. Hence, if you need to access any new server, it isn't possible unless you add it in the "forwarding" rules of the ASA...
This is the critical difference between the two, but I would advise you to proceed with the SSL VPN Client, because the WebVPN type of connectivity is phasing out and will be stopped soon :)
Hope this helps. All the best. Rate replies if found useful.
Thank you for the info. I was trying to determine this too but I have another question related to this one.
We have several remote users who need RDP access to their desktops. We have no control over their local PCs so traditional VPN client is not an option.
These users need to have RDP access to their particular desktop but nothing else. Is there a way to lock down their access to just RDP to their PC and nothing else? I assume that is done via filters but I am not certain. These remote PCs are considered unsecure with respect to viruses, etc., and we need to ensure that each one is only allowed access to their PC.
It sounds like SSL VPN is the only way to go for this, correct?