Publishing a server using WEBVPN on the CISCO 3000 series

Using an IPSEC client VPN for remote access is a very good and widely used solution. However, it does require two things to work.

1. A VPN client

2. The correct IP protocol access.

Sometimes these things are not available. You might have users who need to access a server while at a client site or when doing a sales demonstration, but who are unable to run the client because the firewall blocks their access. Or you might find users are not able to have the VPN client installed on their machine due to incompatibility reasons (e.g. another VPN client installed) or security policies restricting the installation of software. In this case there is a workaround in the form of the SSL VPN. This is a clientless solution which will allow you to connect where perhaps the IPSEC client version would have failed. Since it uses SSL, the majority of firewalls and proxy servers will let the traffic pass, whereas IPSEC would be more likely to be blocked.

Note: Calling it clientless is a little bit cheeky as you do need a JAVA JRE and web browser on the machine you wish to access your remote server from.

The following guide tells you how to do it with a CISCO VPN 3000 series.

Note: Some of the early Cisco concentrators did not ship with the correct level of firmware to support SSL VPN functionality. You may need to check this and, if required, upgrade your firmware.

In this example I will show you how to enable Telnet (yes, I know I should be using SSH, but this is just an example) to a remote server using the WEBVPN.

Step 1. Connect to the management console of your VPN Concentrator.

Step 2. From the left-hand pane choose Configuration \ Tunneling and Security \

Step 3. Choose WebVPN \ PortForwarding.


Step 4. Click Add to add a new Port Forwarding entry. Enter a name in the name entry field. I have called mine Aardvark after the server's hostname.

Step 5. In the Local Port number box enter a port number that your remote client will use when they connect. It should be a number that is not likely to be in use by the local machine already, so avoid well-known port numbers. I have chosen 20007. This is the port number your client application will have to be configured to use.

Step 6. Enter the IP address of the server you wish to publish. In my case it is 10.0.0.60.

Step 7. Finally, enter the REAL port number of the server. As I want TELNET and my server is listening for TELNET connections on port 23, I will enter 23.

Step 8. Save this configuration

TESTING 

Step 9. From a remote test client machine open up a browser and enter the external IP address (or DNS name) of your VPN concentrator. Actually, it doesn't have to be the external interface; any interface that has WEBVPN enabled on it will work.

Step 10. Login (Your Cisco 3000 Concentrator should hopefully prompt you to enter some kind of login credentials) 

Step 11. Click on Start Application Access. If this is the first time you have tried this you may have to install a JRE from the box.

Step 12. After a moment port forwarding should be working. Now try a test telnet. To do this you have to telnet to localhost on port 20007. This is because your machine is acting as a 'proxy' for the remote machine.

Issue the command telnet localhost 20007. If all goes well you should be prompted with a telnet login prompt! 
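The port choice in Step 5 and the test in Step 12 can also be checked with a script. The following is an added example, not part of the original guide: port_is_suitable, split_telnet and probe_forward are names made up for this sketch, and only port 20007 comes from the steps above.

```python
import socket

IAC, SB, SE = 255, 250, 240  # Telnet command bytes (RFC 854)
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

def port_is_suitable(port, host="127.0.0.1"):
    """Step 5: above the well-known range and not already bound locally."""
    if not 1023 < port <= 65535:
        return False
    with socket.socket() as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False

def split_telnet(data):
    """Separate Telnet option negotiation from the text a user would see."""
    options, text, i = [], bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            text.append(data[i])
            i += 1
        elif data[i + 1:i + 2] == bytes([SB]):  # subnegotiation ends at IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif len(data) - i >= 3 and data[i + 1] in NEGOTIATION:
            options.append((NEGOTIATION[data[i + 1]], data[i + 2]))
            i += 3
        else:
            i += 2  # other two-byte command (incl. escaped 0xFF) or truncated
    return options, text.decode("ascii", "replace")

def probe_forward(port, host="127.0.0.1", timeout=2.0):
    """Step 12: read the greeting on the forwarded port; None if nothing answers."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while len(buf) < 1024:
                chunk = s.recv(1024 - len(buf))
                if not chunk:
                    break
                buf += chunk
    except OSError:  # refused, or timed out while the server waits for a reply
        if not buf:
            return None
    options, text = split_telnet(buf)
    return {"telnet": bool(options), "options": options, "banner": text.strip()}

if __name__ == "__main__":
    print(port_is_suitable(20007), probe_forward(20007))
```

Run it before Start Application Access to confirm 20007 is free, and again afterwards: a result with "telnet": True means the forwarder is relaying to the Telnet server, while None means nothing is listening on the local port.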

 
