INetU Managed Hosting

Mobility with Security

April 21st, 2009 by Jason B.

In today’s world, mobility is a must-have. Nowadays the Internet is available everywhere, yet many people don’t take advantage of their mobile Internet for anything other than simple web browsing. Why is this? For starters, many people don’t have the security required to access their ‘work’ from locations other than their office. Users often face obstacles due to limitations of older VPN technologies, or more stringent security filtering by network administrators at hotels or WiFi hot spots.

Older VPN clients based on IPsec required either ESP (IP protocol 50) or AH (IP protocol 51) to be opened. In the past, these administrators would just allow any IP traffic outbound. These days, limiting access to well-known ports is more common. Because ESP and AH are IP protocols in their own right rather than TCP or UDP ports, a port-based allow list drops them. I myself have run into this issue many times over, and my solution is to use SSL-based VPNs.

Why would SSL-based VPNs help in this case? Well, there are 2 main reasons. Firstly, SSL runs over a widely used port, so places will not block it (could you imagine the uproar by Web-based vendors if this was the case?). Secondly, Cisco offers 3 different levels of SSL VPN depending on the machine you are using, so you don’t have to have administrative access on the machine or the ability to install software.
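The filtering argument above can be checked mechanically. The following is an added example, not code from the original post: a first-match egress filter evaluated against what each VPN type needs outbound. The two policies are constructed samples, and TCP 443 for SSL and UDP 500 for IKE are assumptions the post does not spell out.

```python
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers; ESP and AH are the two the post names.
TCP, UDP, ESP, AH = 6, 17, 50, 51

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: Optional[int]          # IP protocol number, None = any
    dport: Optional[int] = None   # destination port, None = any

@dataclass(frozen=True)
class Flow:
    name: str
    proto: int
    dport: Optional[int] = None   # ESP and AH carry no port at all

def allowed(policy, flow):
    """First matching rule wins; no match means implicit deny."""
    for rule in policy:
        if rule.proto is not None and rule.proto != flow.proto:
            continue
        if rule.dport is not None and rule.dport != flow.dport:
            continue
        return rule.action == "permit"
    return False

# Outbound flows each VPN type needs (ports are assumptions, see lead-in).
REQUIREMENTS = {
    "ipsec_esp": [Flow("IKE", UDP, 500), Flow("ESP", ESP)],
    "ipsec_ah": [Flow("IKE", UDP, 500), Flow("AH", AH)],
    "ssl_vpn": [Flow("SSL", TCP, 443)],
}

def survey(policy):
    """Map each VPN type to True if every flow it needs gets out."""
    return {vpn: all(allowed(policy, f) for f in flows)
            for vpn, flows in REQUIREMENTS.items()}

# Constructed sample policies: the old "allow any out" and a
# hotspot that only permits well-known ports.
ALLOW_ANY_OUT = [Rule("permit", None)]
WELL_KNOWN_ONLY = [Rule("permit", TCP, 80), Rule("permit", TCP, 443),
                   Rule("permit", UDP, 53)]

if __name__ == "__main__":
    for label, policy in (("allow any out", ALLOW_ANY_OUT),
                          ("well-known ports only", WELL_KNOWN_ONLY)):
        print(label, survey(policy))
```

Under the port-only policy no rule can match protocol 50 or 51, so both IPsec variants fail while the SSL VPN still connects.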

In Cisco land, there are 3 SSL VPN types that I find useful:

  1. Clientless
  2. Thin-client
  3. Full-blown client (Cisco AnyConnect)

In the past, if you didn’t have the VPN client installed, and didn’t have admin privileges on the machine, you were out of luck for any VPN access. This means you would not be able to securely check e-mail or CIFS from airport kiosks or Kinko’s. Cisco’s response to this was to create a Clientless SSL VPN. With a Clientless SSL VPN, you can create an SSL connection to the firewall, authenticate, and then pass various links via this secure link.

For those of you who are looking for some more features, you can try the Thin-client. In this mode, a small Java applet is downloaded, and you can set up various port forwards to your respective applications. This allows you to use applications that have static TCP ports like POP3 and SMTP.

If you want to pass all types of traffic via an SSL VPN tunnel, similar to the full-blown IPsec client, then the AnyConnect client is the key. This is currently the only Cisco-supported VPN client for 64-bit operating systems or Windows Vista. This requires a client to be installed on the machine, but allows for the most flexibility.

With all of these options, you should have secure surfing to your managed hosting environment from anywhere—happy hunting!


©1996-2010 INetU Inc, All rights reserved.