
"clientless" in SSL VPN

wfqk
Level 5

Hi, I read several documents about SSL VPN, but I could not find the exact meaning of "clientless". Can anyone give me an explanation or a link? Thank you.

3 Replies

Kanwaljeet Singh
Cisco Employee

Hi,

Clientless SSL VPN lets users establish a secure, remote-access VPN tunnel to an adaptive security appliance using a web browser. Users do not need software such as AnyConnect, a VPN client, etc.

Clientless SSL VPN connections on the adaptive security appliance differ from remote access IPSec connections, particularly with respect to how they interact with SSL-enabled servers, and precautions to follow to reduce security risks.

In a clientless SSL VPN connection, the adaptive security appliance acts as a proxy between the end user web browser and target web servers. When a user connects to an SSL-enabled web server, the adaptive security appliance establishes a secure connection and validates the server SSL certificate. The browser never receives the presented certificate, so it cannot examine and validate the certificate.

The current implementation of clientless SSL VPN on the adaptive security appliance does not permit communication with sites that present expired certificates. Nor does the adaptive security appliance perform trusted CA certificate validation to those SSL-enabled sites. Therefore, users do not benefit from certificate validation of pages delivered from an SSL-enabled web server before they use a web-enabled service.

For more details:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/webvpn.html

Regards,

Kanwal

Note: Please mark answers if they are helpful.

Thank you so much for your reply. SSL VPN has three modes. They are clientless, thin-client and full-tunnel client. The Cisco document talked a lot about what they are, respectively. But I do not know why Cisco gave this name -- clientless. Can you tell me a little about it?

Hi,

Those 3 modes are just the different flavors or strategies in deploying VPNs.

Please find helpful links with samples for clientless, thin client and full tunnel (now called AnyConnect):

http://ccnpsecuritywannabe.blogspot.com/2014/03/deploying-clientless-ssl-vpn-webvpn.html

http://ccnpsecuritywannabe.blogspot.com/2014/04/clientless-ssl-vpn-port-forwarding.html

http://ccnpsecuritywannabe.blogspot.com/2014/06/anyconnect-secure-mobility-client.html
