<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">


<meta name=Generator content="Microsoft Word 10 (filtered)">
<title>[VPN] SSL VPN</title>

<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
p
        {margin-right:0in;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman";}
span.EmailStyle18
        {font-family:Arial;
        color:navy;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=EN-US link=blue vlink=purple>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I&#8217;ve done quite a bit of testing on
this.&nbsp; You can move TS to a new port (443/80), but then that&#8217;s not
really a proxy. You can use proxies for RDP and have the traffic tunneled over
443.&nbsp; I recommend this approach so that only authenticated users have
access to RDP/Citrix server rather than the Internet at large.&nbsp; However, I
recommend against using SSL-based VPNs for network layer access as they ignore
client side security.&nbsp; Do you really want users connecting from random PCs
on the Internet that already have Trojans/backdoors installed?&nbsp; Then that
hacked PC gives some other party full access to your network?&nbsp; Perhaps
from a coffee bar where they forget to log off and walk away giving an entire
city access to your internal network?&nbsp; For remote access, stick with IPSec
so that you can enforce strong authentication, firewall rules, and verify the
presence of virus scanners.</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>-S</span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>&nbsp;</span></font></p>


<p class=MsoNormal style='margin-left:.5in'><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style='font-weight:bold'>From:</span></b> vpn-admin@lists.shmoo.com
[mailto:vpn-admin@lists.shmoo.com] <b><span style='font-weight:bold'>On Behalf
Of </span></b>Bartsch, Vincent<br>
<b><span style='font-weight:bold'>Sent:</span></b> Monday, April 28, 2003 9:15
PM<br>
<b><span style='font-weight:bold'>To:</span></b> 'vpn@lists.shmoo.com'<br>
<b><span style='font-weight:bold'>Subject:</span></b> [VPN] SSL VPN</span></font></p>

<p class=MsoNormal style='margin-left:.5in'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'>&nbsp;</span></font></p>

<p style='margin-left:.5in'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>I am researching everything about SSL and its use as
a VPN solution. I am aware of some of</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>its
limitations but I was wondering has anyone tried this: allowed an SSL connection
to a web</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>server
that lets the user open a connection to a terminal server. Or can it be
configured to</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>connect
to a terminal server via an SSL connection directly? Has anyone tried this, were
they </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>successful?</span></font>
</p>

<p style='margin-left:.5in'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>Again, I am just researching this thought. Any word
back on this would be most appreciated,</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>thanks.</span></font>
</p>

<p style='margin-left:.5in'><font size=2 face=Arial><span style='font-size:
10.0pt;font-family:Arial'>Vincent</span></font> </p>

</div>

</body>

</html>