Topic: SSL VPNs
Question: When are they used? Do I see them often? I see SSL when browsing to major websites like CLN, MS Hotmail, MS OWA. Is this considered the same thing or is SSL VPN totally different than just viewing webpages? Is it called a VPN because of all the VPN-like features in the delivery of critical informaiton?
Thanks
Mike
www.unix.org.ua
SSL VPN
Moderator: sva
8 posts • Page 1 of 1
Re: SSL VPN
by Conwyn on Fri Jul 09, 2010 9:53 am
Hi Michael
SSL is on virtual every PC in the world. So If I wanted to create a private tunnel between two parties I would need some security technology. And since SSL exists on every PC it is the idea candiate. I think tunnel throughput is not particulary high but with modern bandwidth that is not a problem.
Regards Conwyn
SSL is on virtual every PC in the world. So If I wanted to create a private tunnel between two parties I would need some security technology. And since SSL exists on every PC it is the idea candiate. I think tunnel throughput is not particulary high but with modern bandwidth that is not a problem.
Regards Conwyn
- Conwyn
Re: SSL VPN
by Michael Law on Fri Jul 09, 2010 9:53 am
Conwyn,
So are you saying that SSL VPN are abundant and portable for any application that needs to communicate over a secure connection provided that the two endpoints support SSL VPN? Therefore, transmission between my machine and the CLN uses an SSL VPN, correct? Does the SSL VPN terminate at the Web server or does it terminate prior at a device that can offload the burden?
Thanks,
Mike
So are you saying that SSL VPN are abundant and portable for any application that needs to communicate over a secure connection provided that the two endpoints support SSL VPN? Therefore, transmission between my machine and the CLN uses an SSL VPN, correct? Does the SSL VPN terminate at the Web server or does it terminate prior at a device that can offload the burden?
Thanks,
Mike
- Michael Law
Re: SSL VPN
by Keith Barker on Fri Jul 09, 2010 9:54 am
Hello Mike -
An HTTPS session to a web server, is different than the Cisco concept of SSL VPN. For example, with the anyconnect Cisco client, a client can begin by connecting to the head end SSL VPN server, using only SSL, and after authenticating can have the anyconnect client downloaded and installed on the PC. The anyconnect client, then still using SSL (as opposed to ESP or AH, (IPSec protocols)), can be assigned a routeable virtual IP address from the head end server, and the client can tunnel traffic to the corporate network just as if they were running an IPSec VPN client. The big difference, is the transport: SSL vs IPSec.
Best wishes,
Keith
An HTTPS session to a web server, is different than the Cisco concept of SSL VPN. For example, with the anyconnect Cisco client, a client can begin by connecting to the head end SSL VPN server, using only SSL, and after authenticating can have the anyconnect client downloaded and installed on the PC. The anyconnect client, then still using SSL (as opposed to ESP or AH, (IPSec protocols)), can be assigned a routeable virtual IP address from the head end server, and the client can tunnel traffic to the corporate network just as if they were running an IPSec VPN client. The big difference, is the transport: SSL vs IPSec.
Best wishes,
Keith
- Keith Barker
Re: SSL VPN
by Conwyn on Fri Jul 09, 2010 9:54 am
Hi Michael
No.
Imagine SSL like TCP. Two user can run a TCP session between them. Two users can run SSL between them.
The TCP carries HTTP FTP Mail etc and the SSL carries tunnel protocol at the conceptual level. HTTPS is an example. VPN-SSL is another.
Please read the URL I cited.
Regards Conwyn
No.
Imagine SSL like TCP. Two user can run a TCP session between them. Two users can run SSL between them.
The TCP carries HTTP FTP Mail etc and the SSL carries tunnel protocol at the conceptual level. HTTPS is an example. VPN-SSL is another.
Please read the URL I cited.
Regards Conwyn
- Conwyn
Re: SSL VPN
by Jared H on Fri Jul 09, 2010 9:55 am
I am running a set up that Keith has describe. Before the anyconnect client, the old 3000 series VPN concentrators had a SSL VPN client and what you did was go to a web portal, authenticate, and then the SSL VPN client would download on your computer and establish a VPN connection that used SSL as the transport instead of IPSec.
It was nice because we didn't have to worry about installing and configuring the Cisco VPN Client.... although I still do use the IPsec client as well.
It was nice because we didn't have to worry about installing and configuring the Cisco VPN Client.... although I still do use the IPsec client as well.
- Jared H
Re: SSL VPN
by Michael Law on Fri Jul 09, 2010 9:55 am
Thanks to Conwyn, Keith and Jared.
Conwyn - I'll read that article after I take my CCDA on Saturday and get back with you on this post. I need to stay focused on the exam first.
Thanks again everyone,
Mike
Conwyn - I'll read that article after I take my CCDA on Saturday and get back with you on this post. I need to stay focused on the exam first.
Thanks again everyone,
Mike
- Michael Law
8 posts • Page 1 of 1
Return to Cisco Career Certifications
Who is online
Users browsing this forum: No registered users and 5 guests