
Lecture CCNA security partner - Chapter 15: SSL VPNs with Cisco ASA



DOCUMENT INFORMATION

Basic information

Number of pages: 47
File size: 1.89 MB

Content

This chapter describes the use cases and operational requirements of SSL VPNs and offers a detailed presentation on the operations of SSL. The chapter explains configurations, deployment options, and design considerations. It describes the steps to configure both Cisco VPN clientless mode and Cisco full-tunnel mode on Cisco ASA using the Cisco AnyConnect client.

Chapter 15
SSL VPNs with Cisco ASA

© 2012 Cisco and/or its affiliates. All rights reserved.

Contents

This chapter prepares you to meet these objectives:
• Describe the use cases and operational requirements of Cisco SSL VPNs
• Describe the protocol framework for SSL and TLS
• Describe a configuration that is based on SSL VPN deployment options and other design considerations
• Describe the steps to configure Cisco VPN clientless mode on Cisco ASA and demonstrate the configuration on Cisco ASDM
• Describe the steps to configure Cisco full-tunnel mode on Cisco ASA and demonstrate the configuration on Cisco ASDM using the Cisco AnyConnect VPN Client

SSL VPNs in Borderless Networks

• Remote-access and mobility services have gone through drastic changes in the past few years
• There are three market transitions driving the network architectures of the future:
  – Mobility
  – Video
  – IT Consumerization

Cisco SSL VPN

• The Cisco SSL VPN technology provides remote-access connectivity from almost any Internet-enabled location with a web browser and its native SSL encryption
• Cisco SSL VPN provides the flexibility to support secure access for all users, regardless of the endpoint host from which they establish a connection
• If application access requirements are modest, SSL VPN does not require a software client to be preinstalled on the endpoint host
• This ability enables companies to extend their secure enterprise networks to any authorized user by providing remote-access connectivity to corporate resources from any Internet-enabled location
• Cisco SSL VPN currently delivers three modes of Cisco SSL VPN access: clientless, thin client, and full client

Clientless SSL VPN Versus IPsec VPN

SSL and TLS Protocol Framework

• SSL and TLS provide confidentiality, integrity, and authentication services to the applications that use them
• SSL is used to encrypt and authenticate the session layer and above
• As such, it encrypts more than just HTTP (called HTTPS); it can also encrypt FTP (thus FTPS), POP (for POPS), LDAP (for LDAPS), wireless security (EAP-TLS), and others

SSL/TLS Encapsulation

SSL and TLS

SSL Cryptography

SSL Tunnel Establishment

Task 2: VPN Protocols and Device Certificate

Task 3: Client Image

Selecting the Client Image

Task 4: Authentication Methods

Task 5: Client Address Assignment

Task 6: Network Name Resolution Servers

Task 7: Network Address Translation Exemption

Task 8: AnyConnect Client Deployment Summary

Phase 2: Configure the Cisco AnyConnect VPN Client
Connecting to the Portal to Eventually Request an AnyConnect Installation Download

Cisco AnyConnect Installed from a VPN Clientless Session

Phase 3: Verify VPN Connectivity with Cisco AnyConnect VPN Client

Detailed Information on Current VPN Session

Summary

The key points covered in this chapter are as follows:
• Market trends drive the need for effective remote-access security and present challenges to the IT organization
• The SSL protocol uses the cryptology concepts presented in this chapter
• Cisco SSL VPN solutions include clientless and full client tunnel modes of operation
• Cisco SSL VPN clientless mode can be configured on Cisco ASA using Cisco ASDM
• Cisco SSL VPN full client tunnel mode can be configured on Cisco ASA using Cisco ASDM and the Cisco AnyConnect VPN Client

References

• For additional information, refer to this resource:
  – CCNP Security VPN 642-648 Official Cert Guide, Second Edition (Cisco Press)

... using Cisco AnyConnect:
  – Phase Configure Cisco ASA for Cisco AnyConnect
  – Phase Configure the Cisco AnyConnect VPN Client
  – Phase Verify VPN Connectivity with Cisco AnyConnect

Date posted: 30/01/2020, 10:58
