Configuring SSL VPN

SSL VPN is a flexible and secure way to extend network resources to virtually any remote user. The security appliance supports the SSL VPN feature, and interoperates with the Cisco AnyConnect Secure Mobility Client software.

A valid security license is required to support SSL VPN with mobile devices such as smartphones and tablets. For more information, see Activating Security Services, page 227.

Figure 9 shows an example of SSL VPN. Users can remotely access the network by using the Cisco AnyConnect Secure Mobility Client software. When the SSL VPN tunnel is established, each user will have an IP address on the internal network.

Figure 8-7 SSL Remote User Access

 

This section describes how to configure the SSL VPN feature. Refer to the following topics:

 • Elements of the SSL VPN

 • Configuration Tasks to Establish a SSL VPN Tunnel

 • Installing Cisco AnyConnect Secure Mobility Client

 • Importing Certificates for User Authentication

 • Configuring SSL VPN Users

 • Configuring SSL VPN Gateway

 • Configuring SSL VPN Group Policies

 • Accessing SSL VPN Portal

 • Allowing SSL VPN Clients to Access the Internet

Note: We do not recommend that you connect a PC or a phone device directly to a WAN port of the security appliance to establish the SSL VPN connection between them.