Configuring Virtual Private Networks (VPNs) and Security
SSL VPN Server
Cisco RV220W Administration Guide 125
6
• Security Tips for SSL VPN, page 125
• Elements of SSL VPN, page 126
• Portal Layouts, page 126
• SSL VPN Policies, page 129
• Resources for SSL VPN, page 132
• SSL VPN Port Forwarding, page133
Access Options for SSL VPN
The remote user can be given different options for SSL service:
• VPN Tunnel: The remote user’s SSL enabled browser is used in place of a
VPN client on the remote host to establish a secure VPN tunnel. A SSL VPN
client (Active-X or Java based) is installed in the remote host to allow the
client to join the corporate LAN with pre-configured access/policy
privileges. At this point a virtual network interface is created on the user’s
PC and it is assigned an IP address and DNS server address from the Cisco
RV220W.
To create a VPN tunnel, see Elements of SSL VPN, page 126.
• Port Forwarding: Port Forwarding service supports TCP connections
between the remote user and the Cisco RV220W. A web-based (ActiveX or
Java) client is installed on the client machine. The administrator can define
the services and applications that are available to remote port forwarding
users. Users do not have access to the full LAN.
To configure port forwarding, see SSL VPN Port Forwarding, page 133.
Security Tips for SSL VPN
To minimize the risks involved with SSL certificates:
• Configure a group policy that consists of all users who need Clientless SSL
VPN access and enable it only for that group policy.
• Limit Internet access for Clientless SSL VPN users, for example, by limiting
which resources a user can access using a clientless SSL VPN connection.
To do this, you could restrict the user from accessing general content on the
Internet. Then, you could configure links to specific targets on the internal
network that you want users of Clientless SSL VPN to be able to access.
To Next Page
Loading...
Need help?
General
