Discussion on:

7 Comments

0 Votes
How secure is it?
kmdennis@... Updated - 24th Apr 2009
Knowing what we know about the insecurity of ssl and how it can be breached, how secure is this connection? And what is the advantage of adding so much more burden to this system? Is it such a monster that it can efficiently handle the firewall, communication, etc? Does this not open up further possibilities to that already porous IE browser? Will it work with all other browsers?
0 Votes
Depends
Lori H 24th Apr 2009
SSL VPN has its pros and cons. Security, as always, is definitely something you want to look at!
Here is a link you may find helpful.

http://www.cisco.com/web/about/security/intelligence/05_08_SSL-VPN-Security.html

Consider all factors before deciding which VPN solution is the 'right one'.
0 Votes
I'm surprised the article makes no mention of the weaknesses surrounding RC4 and MD5. You can disable these two algorithms in ASDM by selecting Configuration -> Device Management -> Advanced -> SSL Settings.

And naturally you'll want to make sure any Certificates used by the ASA were not signed using MD5 as the hash.
1 Vote
Holy Cow!
dave@... 24th Apr 2009
No wonder SonicWall VPNs are so popular.
Some of the CLI switches were lost to advertising due to a frame just a bit too narrow.
How can I get a complete listing?
It currently doesn't work with IE 7.

It did work great with Firefox 2.x; however, it's kind of unstable with F 3.x.

Big Bennie the VPN Client doesn't work on Vista 64 but this does.
I was a bit surprised to see "the ASA does not permit communication with sites that have invalid certificates." Does that mean if an internal web server has a self-signed cert, then the ASA will not allow the client to access it?

One of the major benefits of Clientless SSL VPN is it lessens the need for an internal CA and Certs for each service. So I don't understand why the ASA would be so strict about this.