What is SSL VPN?
A Virtual Private Network (VPN) protected with Secure Sockets Layer (SSL) protocol is an excellent way to securely enable the resources of internal network to remote users. Due to inbuilt capability in modern browsers, SSL provides flexibility to the end user and less administrative requirements.
Features of SSL VPN:
An SSL VPN works with all Web browsers. Internet Protocol Security (IPSEC) VPN, the SSL VPN does not need dedicated software at the end user. This greatly increases the flexibility of SSL VPNs. Wireless users can also connect to the network through the SSL VPN, providing increased security.
Core issue
Scenario 1:
This problem occurs after a long period (40 days plus) of operation on Cisco Adaptive Security Appliance (ASA), running release 7.1.1.
This issue is documented in Cisco bug ID CSCse29700.
Scenario 2:
User have an ipsec site to site tunnel. He need to have only a certain subnet to be tunneled while everything else will go straight out to the internet, using cloud web security web filtering. How can he accomplish this split tunnel?
Resolution
Scenario 1:
To resolve the issue, reload the Adaptive Security Appliance (ASA).
Alternatively, perform these steps:
- Configure the idle timeout to less than 40 days (maybe 30 or 35 days).
- Monitor the connection.
- If the problem persists, upgrade to 7.1(2.10).
Scenario 2:
on an ASA site-site VPNs define "interesting traffic" that which should be passed via the VPN in an access-list (ACL). The ACL is referred to in a crypto map which ties together that acl and the peer firewall address.We typically also exempt that traffic from NAT so as to allow it to retain its native internal addressing.
All other traffic will then go out via the default route according to the policies (other ACLs, CWS etc) you have configured.
