frank...@gmail.com
Sep 22, 2008, 9:04:26 PM
to NetGru
WebVPN session:
Paul gave us a good session about WebVPN (SSL VPN), and we did have an
opportunity to review and argue our understanding of PKI.
I would like to emphasize what we discussed.
1. WebVPN is mainly suitable for remote access, not for site-to-site.
2. Clientless WebVPN is a protocol above IP and specifically designed
for web-based applications, so HTTP is supported natively. HTTP
applications are the most important reason for users to implement
WebVPN. Passive FTP, CIFS and Samba are also supported.
3. Thin-client VPN needs to dynamically download a Java applet or
ActiveX to the browser, and it can support port forwarding. Email
services (SMTP, POP3, IMAP, MAPI) can be supported; this is another
main use of WebVPN.
4. Full-function WebVPN can support a wider portfolio of protocols.
5. Restrictions: NAT and PAT are not supported by WebVPN. Protocols that
negotiate ports dynamically are hard for WebVPN to support.
6. The mechanism is quite simple: WebVPN works as a proxy for the
client; it caches the client's request and acts as the client from
the HTTP server's point of view.
The communication between the client and the gateway is protected.
7. Most WebVPN products provide a way to define a portal page (defined in
a context), into which the most useful links can be put (defined by
url-list and url-values pairs in Cisco IOS). Users can also input a URL
manually.
8. A WebVPN device generally supports multiple gateways (bound to an IP:port
and identified by name),
To be continued.
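
As an added illustration of points 7 and 8 (not part of the original post), a Cisco IOS configuration fragment with one named gateway bound to an IP:port and one context that defines the portal links. All names, addresses, and URLs are constructed placeholders, and the trustpoint and AAA list are assumed to exist already.

```cisco
! Added example. Names (GW-EXAMPLE, CTX-EXAMPLE, PG-EXAMPLE, TP-EXAMPLE,
! AAA-EXAMPLE), addresses and URLs are constructed placeholders.
!
! Point 8: a gateway is identified by name and bound to an IP:port.
webvpn gateway GW-EXAMPLE
 ip address 192.0.2.10 port 443
 ! Certificate presented to the browser; the trustpoint is assumed to exist.
 ssl trustpoint TP-EXAMPLE
 inservice
!
! Point 7: the context holds the portal page definition.
webvpn context CTX-EXAMPLE
 ! Portal links: each entry pairs the text shown with the URL it opens.
 url-list "Intranet"
  heading "Internal links"
  url-text "Wiki" url-value "http://wiki.example.internal"
  url-text "Webmail" url-value "http://mail.example.internal"
 !
 ! The policy group decides which url-list the user sees on the portal.
 policy group PG-EXAMPLE
  url-list "Intranet"
 default-group-policy PG-EXAMPLE
 ! Authenticate users against an existing AAA method list (assumed).
 aaa authentication list AAA-EXAMPLE
 ! Attach this context to the named gateway.
 gateway GW-EXAMPLE
 inservice
```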