Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
CHAPTER 21
Cisco IOS SSL VPN
Cisco IOS SSL VPN provides Secure Socket Layer (SSL) VPN remote-access
connectivity from almost any Internet-enabled location using only a web browser
and its native SSL encryption. This enables companies to extend their secure
enterprise networks to any authorized user by providing remote-access
connectivity to corporate resources from any Internet-enabled location.
Cisco IOS SSL VPN also enables access from noncorporate-owned machines,
including home computers, Internet kiosks, and wireless hotspots, where an IT
department cannot easily deploy and manage the VPN client software necessary
for IPsec VPN connections.
There are three modes of SSL VPN access: clientless, thin-client and full-tunnel
client. Cisco SDM supports all three. Each mode is described below:
Clientless SSL VPN—Clientless mode provides secure access to private web
resources and will provide access to web content. This mode is useful for
accessing most content that you would expect to use within a web browser,
such as intranet access, and online tools that employ a web interface.
Thin Client SSL VPN (port-forwarding Java applet)—Thin Client mode
extends the capability of the cryptographic functions of the web browser to
enable remote access to TCP-based applications such as POP3, SMTP, IMAP,
Telnet, and SSH.
Full Tunnel Client SSL VPN—Full tunnel client mode offers extensive
application support through its dynamically downloaded SSL VPN client
software for Cisco IOS SSL VPN. With the Full Tunnel Client for Cisco IOS
SSL VPN, we deliver a lightweight, centrally configured, and
easy-to-support SSL VPN tunneling client that allows network layer
connectivity access to virtually any application.