
Secure Remote Access Technical Solution Guide v1.0
3. Supported access modes
The VPN Gateway portfolio provides several different access modes. These access modes can
be used concurrently by different users or groups. They can be served from the same public IP
address or separated as desired. Each mode has advantages and disadvantages in terms of
application support flexibility, compatibility, and security.
3.1 IPsec
IPsec delivers network level access to the intranet through a preinstalled software client that
provides a virtual network adapter to the client operating system. All applications and protocols
are supported, and the end user experience is comparable to that of a LAN connected user.
Access controls configured on the VPN Gateway limit which subnets the client can access.
Endpoint security for IPsec access is provided by an installed version of the TunnelGuard agent.
IPsec strengths include broad application support and the fact that it is a proven, time-tested
technology for Secure Remote Access.
IPsec weaknesses include the fact that the client must be installed on each connecting device
and the fact that some networks may block the protocol ports used by IPsec. This can be an
issue for traveling employees who spend time in corporate intranets managed by external parties,
such as customers or business partners.
3.2 SSL-VPN Clientless Mode
SSL-VPN Clientless Mode allows any web browser to be used as a VPN client. It provides access
to a portal with links to web-based applications (see Figure 1 for a sample SSL-VPN portal).
The advantages of SSL-VPN Clientless Mode include ubiquitous access, including home PCs,
Internet kiosks and shared or public PCs. No software installation is required. A Java Virtual
Machine is required to provide endpoint compliance checking through an applet-based version of
TunnelGuard. Another benefit of SSL-VPN Clientless Mode is that it provides a highly restricted
access mode, with all web requests proxied by the VPN Gateway. This provides a high level of
granular access control, including URL path checking on a per-group basis.
SSL-VPN Clientless Mode cannot provide access to non-web applications.
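The two access-control granularities described above, subnet-level rules for the network-level IPsec mode (3.1) and per-group URL path checking for the proxied Clientless Mode (3.2), contrasted in a small policy check. This is an added example, not code from the guide or the VPN Gateway product; the group names, subnets, hostnames, path rules and sample requests are constructed, and the path canonicalization step is included because prefix rules are only as strong as the normalization applied before them.

```python
"""Added illustration (not from the guide): subnet ACLs versus per-group
URL path rules. Group names, subnets, hostnames and rules are constructed."""
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Network-level ACL (IPsec-style): which subnets each group may reach.
# Anything on those subnets, any port, any path, is reachable.
SUBNET_RULES = {
    "sales": ["10.10.20.0/24"],
    "it-admins": ["10.10.0.0/16"],
}

# Clientless-mode ACL: (host, path prefix) pairs the proxy forwards per group.
URL_RULES = {
    "sales": [("intranet.example.internal", "/crm/")],
    "it-admins": [("intranet.example.internal", "/")],
}


def subnet_allowed(groups, dst_ip):
    """Network-level check: allow if the destination lies in any group subnet."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in ipaddress.ip_network(net)
               for g in groups for net in SUBNET_RULES.get(g, []))


def canonical_path(raw_path):
    """Percent-decode and collapse '.' and '..' segments before prefix matching,
    so a request for /crm/../admin/ is judged as /admin/, not as /crm/..."""
    path = posixpath.normpath("/" + unquote(raw_path).lstrip("/"))
    if raw_path.endswith("/") and path != "/":
        path += "/"          # normpath drops the trailing slash; keep it
    return path


def url_allowed(groups, url):
    """Clientless-mode check: host and canonical path must match a group rule."""
    parts = urlsplit(url)
    path = canonical_path(parts.path or "/")
    for g in groups:
        for host, prefix in URL_RULES.get(g, []):
            if parts.hostname != host:
                continue
            # '/crm' (no slash) is the same resource as the '/crm/' prefix
            if path == prefix.rstrip("/") or path.startswith(prefix):
                return True
    return False
```

The subnet check lets a "sales" member reach every service on 10.10.20.0/24, while the proxied check confines the same member to the CRM path on one host and rejects traversal attempts that would otherwise slip past a naive prefix comparison.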
3.3 SSL-VPN Enhanced Clientless Mode
SSL-VPN Enhanced Clientless Mode extends the Clientless Mode through Java applets that
enable client-server application communication. This mode provides access to many client-server
applications, such as e-mail clients, including Microsoft Outlook, and remote access applications,
such as Windows Terminal Server or Citrix.
SSL-VPN Enhanced Clientless Mode cannot provide access to complex applications that do not
support Network Address Translation (NAT) or that use dynamic ports. An example of a complex
application is Voice over IP (VoIP).
3.4 SSL-VPN NetDirect Mode
NetDirect Mode provides full network level access through a virtual adapter. A browser-based
applet version of NetDirect is available, as well as a preinstalled client version. NetDirect was
developed to provide IPsec-like access without the limitations of IPsec, such as the requirement
for preinstallation and issues with NAT and firewall traversal. NetDirect supports any IP