ASA - SSL VPN Thin Client - part 1
Thin Client, often called "Port Forwarding", is a solution that extends the functionality of Clientless VPN. You still do not need any special software such as a VPN client, but it gives you some extra features.
Port Forwarding uses Java, so Java must be installed on the end-user station.
Go to the Port Forwarding menu.
The list name cannot contain spaces.
Click "Add" and configure port forwarding.
Forward telnet to core switch
To reach the core switch via telnet (port 23), you connect to port 5000 on the local PC, and the connection is then forwarded to the core switch.
Forward ssh to firewall
SSH port forwarding
Click "OK" to close forwarding list.
Apply changes (see CLI view below).
Go to the group-policy (the one we created during the SSL VPN Clientless tutorial).
Click "Edit" and go to Portal - Port Forwarding List, untick "Inherit" and choose our port forwarding list (see picture below).
When you tick "Auto Applet Download", the "Port forwarding application" will start automatically after login to SSL VPN.
It works well in IE browsers, but for the rest I recommend not enabling it.
Click "OK" and apply configuration.
Login to SSL VPN and click "Application Access"
Click "Start Applications" to run port forwarding.
Now telnet to 127.0.0.1 on port 5000 to connect to the core switch.
telnet 127.0.0.1 5000
The application also shows that traffic has been sent to/from the core switch.
Be careful: telnet traffic is only secured as far as the ASA. From the ASA to the switch, traffic is sent via the normal, unencrypted telnet protocol.
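An added example (not part of the original tutorial): a Python check for the caveat above that reads port forwarding entries from an ASA config and flags those whose ASA-to-server leg uses a cleartext protocol. The list name, policy name, addresses, the 5022 and 5080 entries, and the line form `port-forward <list> <local_port> <server> <remote_port> <description>` are assumptions made for illustration.

```python
import re

# Remote ports whose protocol is cleartext on the ASA-to-server leg.
# Named forms are included in case the config shows the port by name (assumption).
CLEARTEXT = {"23": "telnet", "telnet": "telnet", "21": "ftp", "ftp": "ftp",
             "80": "http", "www": "http", "http": "http",
             "110": "pop3", "pop3": "pop3", "143": "imap", "imap4": "imap"}

# Assumed line form: port-forward <list> <local_port> <server> <remote_port> [description]
ENTRY = re.compile(r"^\s*port-forward\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_entries(config_text):
    """Return list entries as dicts. Group-policy lines such as
    'port-forward enable <list>' are skipped: their 2nd field is not a port."""
    entries = []
    for line in config_text.splitlines():
        m = ENTRY.match(line)
        if m:
            name, lport, server, rport, desc = m.groups()
            entries.append({"list": name, "local_port": int(lport), "server": server,
                            "remote_port": rport.lower(), "description": desc or ""})
    return entries

def cleartext_forwards(config_text):
    """Entries whose traffic leaves the ASA unencrypted toward the server."""
    return [dict(e, protocol=CLEARTEXT[e["remote_port"]])
            for e in parse_entries(config_text) if e["remote_port"] in CLEARTEXT]

# Constructed sample config (documentation addresses, hypothetical names).
SAMPLE_CONFIG = """\
webvpn
 port-forward PF_LIST 5000 192.0.2.10 telnet Telnet to core switch
 port-forward PF_LIST 5022 192.0.2.1 ssh SSH to firewall
 port-forward PF_LIST 5080 192.0.2.20 80 Intranet web
group-policy SSL_POLICY attributes
 webvpn
  port-forward enable PF_LIST
"""

if __name__ == "__main__":
    for e in cleartext_forwards(SAMPLE_CONFIG):
        print(f"{e['list']}: local {e['local_port']} -> {e['server']}:{e['remote_port']} "
              f"({e['protocol']}) is cleartext behind the ASA")
```

Entries it reports are candidates for replacing with an encrypted protocol such as SSH, or for restricting to a trusted management segment between the ASA and the device.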