Remote Access

Remote-access VPN Solutions

Cisco AnyConnect Secure Mobility Client with SSL

Client-Based SSL VPNs provide authenticated users with LAN-like, full network access to corporate resources. However, the remote devices require a client application, such as the Cisco VPN Client or the newer AnyConnect client to be installed on the end-user device.

In a basic Cisco ASA configured for full tunneling and a remote access SSL VPN solution, remote users use the Cisco AnyConnect Secure Mobility Client, shown in Figure 1, to establish an SSL tunnel with the Cisco ASA. After the Cisco ASA establishes the VPN with the remote user, the remote user can forward IP traffic into the SSL tunnel. The Cisco AnyConnect Secure Mobility Client creates a virtual network interface to provide this functionality. The client can use any application to access any resource, subject to access rules, behind the Cisco ASA VPN gateway.

Cisco Secure Mobility Clientless SSL VPN

The clientless SSL VPN deployment model enables corporations to provide access to corporate resources even when the remote device is not corporately-managed. In this deployment model, the Cisco ASA is used as a proxy device to network resources. It provides a web portal interface for remote devices to navigate the network using port-forwarding capabilities.

In a basic Cisco ASA clientless SSL VPN solution, remote users employ a standard web browser to establish an SSL session with the Cisco ASA, as shown in Figure 2. The Cisco ASA presents the user with a web portal over which the user can access internal resources. In the basic clientless solution, the user can access only some services, such as internal web applications, and browser-based, file-sharing resources, as shown in Figure 3.