Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1978
Views
8
Helpful
4
Replies

Thin client vs. SSL VPN client

jneiberger
Level 2
Level 2

‎04-26-2007 10:24 AM

I'm new to the ASA and I'm trying to figure out the specific functional differences between the thin client WebVPN approach and the full SSL VPN client approach. I've scoured every piece of Cisco documentation I can find and I haven't found the answer. I need to know because I think we're running into a problem that may be fixable by switching to the full SVC. We are currently using the thin client.

Any thoughts?

Thanks!

Labels:
0 Helpful
4 Replies 4

sachinraja
Level 9
Level 9

‎04-26-2007 08:40 PM

Hello John,

SVC is the latest development in Cisco SSL VPN, which works similar to the IPSEC VPN client, you would have worked before.. the only difference is that you do not need to install any SVC client on your PC. Once you https onto the ASA box, and if the authentication succeeds, the ASA automatically pushes this client onto your PC. Once connection is established, you will get an ip address on your laptop, from the pool configured in ASA. This is the key difference. Once you get an IP, u are inside your VPN network and access any application...

with the thin client -> web vpn model, you will not be assigned any ip address.. the tcp forwarding rules are downloaded from the ASA to your client over a java page. any request to the servers specified on that list, it goes through the ssl vpn connection and the ASA PROXIES ALL THE REQUESTS... so, no ip address in this case on your laptop.. hence if you need to access any new server, it isnt possible unless u add it in the "forwarding" rules of the ASA...

This is the critical difference between the two, but i would advice you to proceed with SSL VPN Client, because the webvpn type of connectivity is facing out and will be stopped soon :)

Hope this helps.. all the best.. rate replies if found useful..

Raj

ryderse69
Level 1
Level 1
In response to sachinraja

‎07-14-2008 10:55 AM

Thank you for the info. I was trying to determine this too but I have another question related to this one.

We have several remote users who need RDP access to their desktops. We have no control over their local PCs so traditional VPN client is not an option.

These users need to have RDP access to their particular desktop but nothing else. Is there a way to lock down their access to just RDP to their PC and nothing else? I assume that is done via filters but I am not certain. These remote PC's are considered unsecure with respect to viruses etc and we need to ensure that each one is only allowed access to their PC.

It sounds like SSL VPN is the only way to go for this, correct?

Thanks in advance,

-Steve

0 Helpful

whisperwind
Level 1
Level 1
In response to ryderse69

‎07-14-2008 11:11 AM

Steve,

Any vpn can accomplish what you are wanting i.e. vpn users only RDP to their desktop

In the user attributes section of the config do the following:

username USER attributes

vpn-group-policy USERS-ACL

were the place you want thtem to go to is defined in an acl

ryderse69
Level 1
Level 1
In response to whisperwind

‎07-14-2008 12:15 PM

Thanks. I had a feeling that either method would work but I wanted to be certain.

The reason I ask is that we want to make sure that remote PC's can not spread any software to other machines, intentional or otherwise.

I think we are going to use the SSL VPN so we don't have to deal with installing VPN clients on end users PC's.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents