Hello everyone, we are in a process to deploy Cisco Client-less VPN in our production environment but during our testing we face some challenges, please help me to answer below concerns.
- SSL Vulnerabilities with no workarounds and fixes provided by Cisco.
Cisco Adaptive Security Appliance Clientless SSL VPN Cross-Site Scripting Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn2
Cisco Adaptive Security Appliance Software SSL VPN Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-asa-ssl-vpn-dos
- Some components of Clientless SSL VPN like RDP, SSL require the Java Runtime Environment(JRE) or is there any other way around?
- In case of Java we observe following limitations
- With Mac OSX and Windows OS, Java is not installed by default.
- Firefox 52.0 and later does not support plug-ins, Native Apps (e.g. Citrix Receiver, MS Office apps, etc.) and Java
- Compatibility issues with updated JRE versions
Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies