I have difficulty understanding certain aspects of port forwarding with ASA and webvpn. When doing port forwarding, does a Java client need to be 'downloaded' from the ASA, or do some applications not require the Java download but still need port forwarding? I am specifically referring to RDP and terminal services.
Also, is it necessary to use a webtype ACL? If I use a webtype ACL, which IP do I use: the 127.0.0.1 which is used to gain access to the server, or is it the server's static, private IP address, or is it the public IP address?
Thanks for your help. I have a great deal of experience with IPsec site-to-site and dynamic VPN tunnels, but am having difficulty with the SSL VPNs.
With regard to webvpn port forwarding, once the user connects, a Java window is launched for the port forwarding part. The Java window is launched locally from the PC. It's not pushed down to the PC from the ASA. Only the port forwarding information is pushed down.
A webtype ACL is configured if you want the users to access only certain types of web sites or only certain networks on your internal site through the application/URL launch box.
If you plan to use a webtype ACL, you have to use the IP address that needs to be accessed by the client, not the 127.0.0.1 address.
The server's private IP address can be used if you are planning on using a webtype ACL.
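
The addressing point from the answer above, as an added configuration sketch that is not part of the original thread: the port-forward entry maps a local port on the client's 127.0.0.1 to the server's private address, and the webtype ACL names that same private address. The list, ACL and group-policy names, the interface name, the address 10.1.1.10 and the local port 33389 are constructed placeholders, and the syntax assumes ASA 8.0 or later.

```cisco
! Constructed example: names, addresses and ports are placeholders.
webvpn
 ! Interface name "outside" is assumed.
 enable outside
 ! port-forward <list> <local port> <real server> <remote port> <description>
 ! The user's RDP client connects to 127.0.0.1:33389 on the PC;
 ! the ASA opens the connection to 10.1.1.10:3389 on the inside.
 port-forward RDP_APPS 33389 10.1.1.10 3389 Terminal Services
!
! The webtype ACL references the server's private address, not 127.0.0.1
! and not the ASA's public address.
! Anything not permitted is dropped by the implicit deny at the end of the ACL.
access-list RDP_ONLY webtype permit tcp host 10.1.1.10 eq 3389
!
group-policy SSL_RDP internal
group-policy SSL_RDP attributes
 webvpn
  ! Offer the port-forwarding list to users of this policy.
  port-forward enable RDP_APPS
  ! Apply the webtype ACL as the clientless session filter.
  filter value RDP_ONLY
```

After applying a policy like this, `show running-config webvpn` and `show access-list RDP_ONLY` confirm the list and the ACL hit counts.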