WEBVTT 00:01.750 --> 00:02.890 We had a look at the gateway. 00:02.890 --> 00:03.370 Right. 00:03.880 --> 00:07.390 Using this, we'll add thick client thin client to it. 00:08.680 --> 00:10.120 How do you add the thin client? 00:11.230 --> 00:15.070 It's called you go to your web context again. 00:15.880 --> 00:17.260 Admin context. 00:18.320 --> 00:19.430 It's called port Forward. 00:20.860 --> 00:23.150 Inclined is also known as, quote, forward. 00:23.170 --> 00:24.970 Now, the way you do it is. 00:26.840 --> 00:28.550 You have to do it separately here. 00:30.340 --> 00:33.320 When you hear right, you have to create the port forward separately. 00:38.060 --> 00:41.210 And then specify the name of the port forwarding list. 00:42.730 --> 00:43.840 I'll call it R1. 00:46.540 --> 00:47.530 Now, look here. 00:47.530 --> 00:48.550 This is important. 00:48.580 --> 00:49.870 Local port. 00:50.080 --> 00:53.360 I'll keep it as 25,000 remote server. 00:53.380 --> 00:54.670 I want to access ten, 11. 00:54.670 --> 00:55.450 11.1. 00:55.450 --> 00:57.150 For example, remote port. 00:57.160 --> 01:00.550 I want to access 23 here. 01:00.550 --> 01:01.690 Description is important. 01:01.690 --> 01:03.460 Usually you don't have description, right? 01:03.490 --> 01:05.830 Description is optional in this command. 01:05.830 --> 01:08.980 This is the only command I have seen where description you have to put. 01:10.220 --> 01:10.700 I'll call it. 01:10.700 --> 01:14.770 This is Telnet to R1. 01:19.030 --> 01:22.030 So what you're doing is you're going into port forward. 01:22.300 --> 01:25.660 You're saying local port is 25,000. 01:27.290 --> 01:30.660 Remote server is 1011 11.1. 01:31.620 --> 01:34.650 Remote port is 23. 01:35.320 --> 01:36.340 And description. 01:39.530 --> 01:40.240 Is delayed. 01:41.180 --> 01:41.560 I one. 01:43.250 --> 01:45.170 Where do you call this port forward list? 01:46.790 --> 01:47.330 I'll explain. 01:47.750 --> 01:48.800 Just keep it in mind. 01:49.730 --> 01:50.870 I'll get out of here. 01:51.890 --> 01:53.210 Where do I call this port? 01:53.210 --> 01:53.840 Forward. 01:56.950 --> 02:01.180 Inside the policy group. 02:02.310 --> 02:02.940 Admin. 02:03.740 --> 02:06.920 Policy put forward name was what are. 02:10.150 --> 02:11.770 So you create the list somewhere. 02:12.040 --> 02:13.420 You create the list outside. 02:13.420 --> 02:13.900 You call it. 02:13.900 --> 02:14.170 Where? 02:14.170 --> 02:15.940 In under the policy. 02:16.390 --> 02:17.990 Think of this as default. 02:18.010 --> 02:18.860 This has to be there. 02:18.880 --> 02:20.290 You'll work between these two. 02:23.060 --> 02:24.950 So the boat forward is. 02:28.190 --> 02:28.850 Called R1. 02:29.240 --> 02:29.840 It was here. 02:29.840 --> 02:30.590 Also called. 02:33.470 --> 02:34.910 Let's see how this helps us. 02:35.980 --> 02:36.200 Keep. 02:36.540 --> 02:37.710 Remember this part. 02:38.310 --> 02:40.840 Then log out again now. 02:40.860 --> 02:46.140 Thin client requires you to have the perfect version of Java on your PC. 02:47.380 --> 02:47.580 Right. 02:47.580 --> 02:50.520 So most of the times they will you will not be able to find it. 02:50.520 --> 02:58.890 But I would recommend that you use your Windows XP as a VM machine and update the Java there because 02:58.890 --> 03:01.480 the latest version of Java on XP works perfectly okay. 03:04.560 --> 03:04.700 Okay. 03:04.710 --> 03:04.950 Click. 03:04.950 --> 03:05.290 Okay. 03:05.310 --> 03:06.180 What do you see? 03:08.210 --> 03:09.860 Thin client application. 03:10.540 --> 03:11.200 I'll start. 03:14.250 --> 03:14.610 Now click. 03:14.610 --> 03:15.330 Continue. 03:19.020 --> 03:19.740 Except. 03:20.680 --> 03:21.820 The encrypted session. 03:25.820 --> 03:26.150 Java. 03:28.340 --> 03:28.710 Right. 03:28.820 --> 03:29.700 Always trust. 03:29.720 --> 03:30.500 Yes. 03:35.930 --> 03:37.070 This is your thinking. 03:39.130 --> 03:40.220 This is your thin client. 03:40.240 --> 03:40.420 What? 03:40.420 --> 03:43.900 Your thin client basically is saying very simple things. 03:44.110 --> 03:46.760 It's guiding your SSL VPN. 03:46.780 --> 03:51.940 Now, since this is a layer seven application, it sits on top of all the applications that you are 03:51.940 --> 03:53.260 running Java. 03:56.320 --> 03:58.030 On top of all the applications you're running. 03:58.600 --> 04:04.150 So whenever you ping or telnet, it has to go through Java first and then it will go down. 04:05.200 --> 04:06.580 Okay, so now what? 04:06.610 --> 04:13.660 Basically Java is saying is if you try to access 127 001 at which port number. 04:14.600 --> 04:15.710 25,000. 04:16.990 --> 04:17.980 Your packet. 04:19.540 --> 04:20.950 We'll be going through. 04:25.100 --> 04:29.450 SSL VPN for ten, 11, 11 one four port number 20. 04:30.920 --> 04:33.780 Earlier you only had to access http http. 04:33.860 --> 04:34.490 Ten 1111. 04:34.910 --> 04:40.430 Now you are saying is if this part matches, whatever is here will also go through the tunnel. 04:42.500 --> 04:47.870 It's sitting here on top of everything else, making sure that it reads the connection, what it actually 04:47.870 --> 04:48.440 means. 04:48.470 --> 04:49.850 Let me just show it to you. 04:50.120 --> 04:55.940 If you party into 127 .0.0.1, which port number? 04:56.960 --> 04:59.060 25,000. 05:01.490 --> 05:03.860 25,001 27 001. 05:04.970 --> 05:06.440 You're actually going to go where? 05:07.980 --> 05:08.160 To. 05:10.690 --> 05:10.990 Right now. 05:10.990 --> 05:12.460 It was closed because. 05:13.400 --> 05:14.090 Obviously. 05:19.890 --> 05:24.450 Since Java again is a Layer seven application, it sits on top of everything else. 05:26.640 --> 05:30.600 So you go to 127 001 Telnet again open. 05:34.480 --> 05:35.150 I didn't use the phone. 05:46.200 --> 05:46.340 This. 05:49.770 --> 05:50.580 Going through what? 05:50.610 --> 05:51.540 Going through the tunnel. 05:53.160 --> 05:55.780 So any kind of traffic now can go through the tunnel. 05:55.800 --> 05:57.990 Now, maybe you want it to do it for Smtp. 05:58.020 --> 06:04.620 You want it to reach 1011, 11.4 for Smtp traffic. 06:05.430 --> 06:06.480 How would you do it? 06:09.180 --> 06:10.080 You go to your outer. 06:14.110 --> 06:17.800 You go out, you say VPN context admin. 06:18.590 --> 06:19.490 Context. 06:21.190 --> 06:22.360 I will say port forward. 06:22.390 --> 06:27.700 Now, this will be called R2, local port, let's say 20,000. 06:28.550 --> 06:29.920 Remote server is which one? 06:30.580 --> 06:32.290 Which one do I want to access? 06:32.860 --> 06:34.660 Ten, 11 11.4. 06:34.870 --> 06:36.370 Remote port is which one? 06:37.150 --> 06:37.870 25. 06:38.230 --> 06:42.640 Description is Smtp to 25. 06:44.250 --> 06:47.940 Where do I call this policy group? 06:48.510 --> 06:49.170 Admin? 06:51.160 --> 06:53.800 Policy put forward is also our. 07:01.550 --> 07:02.660 So you'll see that now. 07:03.730 --> 07:04.690 Or you can only have one. 07:04.690 --> 07:06.850 So you can only have one. 07:06.850 --> 07:09.190 If you wanted to add, you could add it to the first one. 07:09.940 --> 07:10.690 I have one there. 07:10.690 --> 07:11.170 Right? 07:11.890 --> 07:18.100 So I could say yes in the same one where VPN context, admin context. 07:18.100 --> 07:25.660 So when I have port forward R1 here I could add another line where you could say local port is 20,000, 07:26.110 --> 07:30.280 remote server is 1011 11.4 remote code is 25. 07:30.280 --> 07:33.000 Description is Smtp 75. 07:34.910 --> 07:35.930 So if you check now. 07:42.500 --> 07:43.100 You go to your. 07:46.240 --> 07:46.960 Policy. 07:48.160 --> 07:50.140 Admin policy. 07:51.050 --> 07:52.190 Support forward as are. 07:55.300 --> 07:56.300 No port for our. 07:58.120 --> 08:01.390 So if you check now show run begin. 08:02.420 --> 08:03.020 The VPN. 08:11.040 --> 08:11.280 Right. 08:11.280 --> 08:15.150 So in the same one you have two now, one for this is your thin client. 08:15.180 --> 08:16.500 It's called R1 right now. 08:17.700 --> 08:19.170 And you're calling it where? 08:21.180 --> 08:23.520 In the policy in your group policy. 08:23.700 --> 08:27.390 So if you go right now again and you reset this, you log out. 08:36.820 --> 08:37.900 Log back in again. 08:42.990 --> 08:43.410 Welcome. 08:56.330 --> 08:56.600 Right. 08:58.830 --> 09:00.420 Now you have two applications. 09:00.510 --> 09:02.070 One is Telnet to R1. 09:02.280 --> 09:04.390 The other one is Smtp to 25. 09:04.410 --> 09:11.970 So if you go to 127 001 at port number 20,000, your packet will actually go where your packet will 09:11.970 --> 09:17.820 be encapsulated as Smtp to ten, 11, 11. 09:17.820 --> 09:22.770 Not for the outside, encapsulation will still be the same SSL. 09:23.910 --> 09:27.150 Protecting this part and sending it across. 09:28.760 --> 09:29.750 Again DCP. 09:32.490 --> 09:36.500 443 going from 30.25 to 20 dot. 09:40.470 --> 09:46.800 This job of putting the protocol into the encapsulation is thin clients. 09:48.990 --> 09:50.460 That's what Syncline does. 09:50.670 --> 09:57.240 So earlier, where you had only Http and FTP, it was not in your control, which one do you use? 09:57.240 --> 10:01.650 The only control you had was over the fact that you could use this URL bar. 10:01.680 --> 10:03.150 That's all you had control over. 10:05.090 --> 10:05.280 Right. 10:05.300 --> 10:09.980 If you compare that to this now, you can have any protocol which has a port number to go through. 10:12.950 --> 10:15.020 Anything that is using port numbers. 10:15.290 --> 10:16.910 A well known destination port number. 10:16.910 --> 10:21.890 It will go through what your Http sorry, your SSL traffic, it will be encrypted. 10:22.340 --> 10:23.810 All you have to do is just map. 10:25.740 --> 10:27.150 Map this and find the right job. 10:29.790 --> 10:31.590 Just mean the latter is more difficult. 10:33.900 --> 10:34.320 Okay. 10:38.230 --> 10:39.280 Why is it choosing? 10:40.780 --> 10:42.580 That's the local loopback address. 10:43.750 --> 10:46.850 127 So remember, it's a reserved right. 10:46.870 --> 10:48.310 128 is used. 10:48.340 --> 10:50.800 126 is the last class address. 10:51.100 --> 10:54.310 Between them is 127 which is reserved for loopback. 10:57.180 --> 11:01.110 I could, but I don't have any application to run Smtp, my server. 11:01.110 --> 11:02.790 I don't have an Smtp server on our phone. 11:08.710 --> 11:08.980 Again. 11:17.580 --> 11:22.590 127 .0.0.1 Port number 25. 11:22.650 --> 11:27.600 If I use 20,000 it will try to go to Smtp from where the source is. 11:27.820 --> 11:27.900 One. 11:29.200 --> 11:29.440 No, no. 11:29.440 --> 11:31.230 I'm trying to access 127 zero. 11:32.590 --> 11:33.220 From the PC. 11:34.680 --> 11:34.950 From the. 11:37.050 --> 11:38.820 The client is trying to access this. 11:40.420 --> 11:41.970 But that's the countryside. 11:42.100 --> 11:42.430 Yeah. 11:43.000 --> 11:45.220 So it's getting Java. 11:46.270 --> 11:47.170 What does Java do? 11:47.200 --> 11:49.150 Java is working on top of everything right now. 11:49.570 --> 11:53.770 He's trying to access 127 .0.0.1. 11:53.770 --> 11:57.400 When Java sees he's actually trying to go there, he changes the destination. 11:57.400 --> 11:58.630 He says, No, you're not going there. 11:58.630 --> 12:05.760 You're actually going to ten, 11, 11.1 port number 23, and you're also going through this tunnel. 12:07.590 --> 12:08.670 Java does it for you. 12:09.300 --> 12:09.900 The thin client. 12:09.900 --> 12:10.710 That's his job. 12:11.610 --> 12:12.030 When he is. 12:12.030 --> 12:15.300 You are trying to go to 127 001 at port number 25,000. 12:15.330 --> 12:17.630 You're matching a condition in Java. 12:19.550 --> 12:25.040 On that application that is running on top of it is running here on top of everything else. 12:28.010 --> 12:29.720 And it checks anywhere else we want to go. 12:29.750 --> 12:31.940 Java will let you go because you're not matching those lines. 12:31.940 --> 12:35.810 But if you match, it's just like if you remember, it's just like easy VPN client. 12:37.670 --> 12:40.220 If you match the split tunnel ACL you have to go through. 12:40.520 --> 12:42.590 If you did not match, it lets you go. 12:42.620 --> 12:44.720 It was sitting on top of everything else, right? 12:47.300 --> 12:50.900 It makes a decision based on the port number and the address both should match. 12:52.310 --> 12:55.180 127 001 as well as the port number if. 12:55.900 --> 12:56.650 Just looking great. 12:57.010 --> 12:57.880 That is the look back. 12:57.910 --> 13:00.460 That is local address 127 001. 13:00.490 --> 13:01.620 It is your own address. 13:01.630 --> 13:04.690 It's usually used to check your own Nic card if it's working properly or not. 13:06.560 --> 13:12.980 If you if you want to check if you have IP address on your Nic card and you can ping it, use 127 001, 13:13.130 --> 13:14.120 you're pinging yourself. 13:14.960 --> 13:15.740 Local address. 13:16.190 --> 13:17.210 Your local address. 13:19.500 --> 13:19.950 Okay. 13:22.010 --> 13:22.700 Claire Guys. 13:24.110 --> 13:26.090 Claire Right now, Cosmetics. 13:26.090 --> 13:27.560 You could do a lot of cosmetics. 13:27.560 --> 13:28.700 Cosmetics in here. 13:28.730 --> 13:32.240 First of all, let me see if I have a TftP server which is running. 13:33.630 --> 13:34.380 I want to show you something. 13:39.120 --> 13:39.990 It is started. 13:43.510 --> 13:44.710 Let me go to the gateway. 13:45.580 --> 13:47.830 Copy from TftP. 13:48.820 --> 13:49.480 To flash. 13:51.980 --> 13:57.590 151 .3. 25 Source file name is. 13:59.680 --> 14:00.410 And I had an image. 14:07.420 --> 14:08.900 Destination file name is this. 14:08.920 --> 14:10.090 So it copies. 14:11.670 --> 14:12.510 It's too far away. 15:50.500 --> 15:50.890 There you go. 15:52.000 --> 15:52.870 So flash. 15:54.030 --> 15:54.900 I have the file in here. 15:54.900 --> 15:55.290 Right. 15:55.530 --> 15:59.970 So what I can do is web VPN, context admin. 16:01.030 --> 16:01.780 Context. 16:03.250 --> 16:03.700 Right. 16:04.060 --> 16:05.680 There's something called login. 16:06.700 --> 16:07.240 Photo. 16:08.290 --> 16:12.090 The name of the file is SJ Dot. 16:14.990 --> 16:15.260 Okay. 16:15.260 --> 16:15.710 So. 16:16.320 --> 16:18.000 You just have to put the file in your flash. 16:18.540 --> 16:20.940 Just a quick show of how it's done. 16:21.150 --> 16:22.680 Put the file in the flash. 16:23.250 --> 16:24.120 Copy it here. 16:29.420 --> 16:29.560 Out. 16:40.200 --> 16:40.340 Right. 16:41.330 --> 16:46.130 All you have to do is just put the file in the flash, call it in the SSL VPN gateway. 16:46.400 --> 16:48.290 It comes through login. 16:51.290 --> 16:51.710 There you go. 16:53.030 --> 16:53.190 In. 16:54.750 --> 16:56.250 It's nothing complicated. 16:56.640 --> 16:59.340 Once you know how it works, it's pretty simple. 16:59.580 --> 17:02.010 All you have to understand is how the thin client works. 17:02.700 --> 17:03.480 The rest is easy. 17:04.680 --> 17:05.030 Right. 17:05.040 --> 17:06.150 You could do some other stuff. 17:06.150 --> 17:08.370 For example, right now there's a URL bar, right? 17:08.700 --> 17:11.220 Which is quite dangerous because anyone can go anywhere. 17:12.850 --> 17:14.980 All he has to do is just enter the information. 17:14.980 --> 17:18.250 So what you could also do is you could go to your VPN gateway. 17:20.690 --> 17:23.180 The VPN context. 17:24.270 --> 17:24.810 Hardman. 17:25.620 --> 17:27.250 This context. 17:28.090 --> 17:31.600 In the policy group admin. 17:34.200 --> 17:34.800 Policy. 17:35.160 --> 17:38.220 You have this option called hide URL bar. 17:40.140 --> 17:41.760 So you will hide the URL bar. 17:42.900 --> 17:43.280 Right. 17:43.290 --> 17:46.650 But what if you wanted people to access certain URLs? 17:46.860 --> 17:50.040 For that you'll have to create a URL list. 17:51.260 --> 17:52.160 Call it again. 17:52.160 --> 17:52.340 I'm. 17:52.490 --> 17:53.750 I'm creating the list. 17:53.750 --> 17:54.260 Where? 17:55.470 --> 17:57.500 Here just where I created my port. 17:57.510 --> 17:58.560 Fast forward. 17:58.680 --> 18:00.630 I'll create my URL list. 18:00.630 --> 18:01.650 I'll call it list. 18:02.780 --> 18:05.500 And then I'll specify the different changes that I do. 18:07.590 --> 18:08.640 I'll call it Earl. 18:09.150 --> 18:10.950 And here I'll make the changes. 18:11.070 --> 18:11.730 Heading. 18:11.760 --> 18:13.320 This will be our one. 18:13.650 --> 18:16.920 Going to our one then Earl text. 18:16.980 --> 18:18.930 Or maybe the heading is something else. 18:19.260 --> 18:20.460 Heading is. 18:21.650 --> 18:22.520 Access. 18:24.880 --> 18:27.380 Then url text is. 18:27.400 --> 18:29.710 R1 url value. 18:32.420 --> 18:34.490 Ten 1111 dot one. 18:43.740 --> 18:45.750 Your value is just ten, 11. 18:45.750 --> 18:46.140 11, one. 18:49.370 --> 18:49.820 Okay. 18:49.820 --> 18:50.720 I just have to type. 18:52.060 --> 18:57.120 Your text is R1URL value, then specify the CPU. 18:57.830 --> 18:59.420 Ten 1111 dot. 19:01.040 --> 19:01.820 Where do I call this? 19:02.060 --> 19:02.720 A list? 19:03.950 --> 19:05.090 In the policy right. 19:05.360 --> 19:08.810 Policy group admin policy. 19:09.770 --> 19:11.060 Your list is. 19:13.180 --> 19:13.660 Was part. 19:16.740 --> 19:18.480 So I created here. 19:18.810 --> 19:24.510 I said, okay, the heading is access only. 19:26.400 --> 19:26.890 You like that? 19:30.580 --> 19:35.610 Then I also said what your URL value. 19:35.830 --> 19:43.060 URL text is our one url value is. 19:43.990 --> 19:44.690 Http. 19:45.910 --> 19:46.210 Ten. 19:46.210 --> 19:46.480 11. 19:46.480 --> 19:47.260 11.1. 19:49.660 --> 19:50.080 Call it. 19:50.080 --> 19:50.440 Where? 19:51.400 --> 19:52.450 Right after port forward. 19:52.450 --> 19:55.840 I said you are you are a list is. 19:58.240 --> 19:59.090 Can I call the list? 20:01.020 --> 20:01.460 Polyforms. 20:04.580 --> 20:05.510 So have a look now. 20:09.590 --> 20:10.640 We just change? 20:14.390 --> 20:15.080 On the router. 20:15.080 --> 20:15.320 Yep. 20:15.320 --> 20:16.670 I put both as you are there. 20:16.700 --> 20:17.870 Here I put the both things as. 20:31.260 --> 20:32.940 You don't have the URL bar anymore. 20:34.740 --> 20:37.960 You don't have the URL, you have limited options which are only there for whom? 20:37.980 --> 20:38.610 For you. 20:38.910 --> 20:40.080 So you just click on it. 20:40.080 --> 20:40.830 You'll get to add one. 20:43.100 --> 20:43.370 Right. 20:43.370 --> 20:45.700 Limited access, stuff like that. 20:45.710 --> 20:50.780 I mean, you can explore now when you go here, you can explore all these options which you have available 20:50.780 --> 20:51.110 to you. 20:53.000 --> 20:54.350 You can change the color. 20:54.680 --> 20:58.640 The CSD will do the CSD in your what do you call it? 20:58.860 --> 20:59.180 RSA. 20:59.360 --> 21:02.330 We'll see it in RSA Login message Login photo. 21:02.360 --> 21:03.620 You can change the logo. 21:04.670 --> 21:08.590 If you wanted to list is your server for this. 21:09.450 --> 21:11.490 You write so many different things which you could do. 21:12.890 --> 21:14.660 All through the same web thing. 21:15.530 --> 21:20.810 What you can do also at the same time is say, for example, I want you to create another context. 21:21.860 --> 21:23.330 This is one context, right? 21:23.360 --> 21:25.820 What if I wanted to create another context? 21:26.880 --> 21:28.590 I'll call it sales context. 21:29.990 --> 21:30.920 No port forwarding. 21:30.920 --> 21:32.720 I do not require any port forwarding here. 21:33.050 --> 21:35.360 I just want this guy to be able to access a URL. 21:35.360 --> 21:35.960 Which URL? 21:35.990 --> 21:39.530 R2 r4 at ten 1111 dot. 21:40.730 --> 21:41.120 For. 21:42.290 --> 21:43.550 I'll call his list. 21:48.230 --> 21:49.340 Right policy. 21:50.000 --> 21:51.530 I'll call it sales policy. 21:52.190 --> 21:53.420 Welcome to sales. 21:59.490 --> 21:59.940 Actions. 21:59.940 --> 22:02.040 I don't want him to file browser or anything like that. 22:02.040 --> 22:03.560 No port forwarding only. 22:03.570 --> 22:04.560 You are a list. 22:05.250 --> 22:06.510 The name of the list is. 22:09.070 --> 22:09.400 Correct. 22:10.830 --> 22:11.580 Policy name. 22:12.750 --> 22:16.440 Sales policy authentication list is the same, but the domain now is what? 22:18.120 --> 22:19.290 And here it's up to you. 22:19.320 --> 22:20.220 What do you want this to be? 22:21.390 --> 22:25.830 It's just a name, but this is what you will use in the forward slash, whatever you put here. 22:26.370 --> 22:26.540 Right. 22:26.580 --> 22:29.340 So here I will just put sales and inserts. 22:29.340 --> 22:30.780 That's all I have to do, right? 22:30.900 --> 22:32.100 Nothing more than this. 22:33.750 --> 22:34.350 So I'll go here. 22:36.350 --> 22:37.130 Get it done. 22:39.740 --> 22:44.750 Now, again, when you're doing this, when you're trying to do this, it will not work in the beginning. 22:44.780 --> 22:49.910 First, you have to close down your browser and then start it again because it remembers the old session. 22:51.500 --> 22:52.370 Then try again. 22:52.370 --> 22:56.850 150 .1.2.2 but not admin sales. 23:08.540 --> 23:09.440 The ctp's. 23:10.660 --> 23:10.960 Not. 23:16.150 --> 23:16.750 Continue. 23:20.010 --> 23:20.310 Got it. 23:22.920 --> 23:26.310 This is not sure if I use Sha and Cisco. 23:26.340 --> 23:30.870 You're not able to get in and Cisco was for admins. 23:30.870 --> 23:32.220 You're not an admin anymore. 23:32.250 --> 23:33.660 For sales you are Rob. 23:34.320 --> 23:36.870 Password is welcome to sales. 23:43.540 --> 23:44.530 You have your page. 23:44.890 --> 23:46.200 No file browse. 23:46.210 --> 23:49.570 I didn't enable file file browsing so CIF is not there anymore. 23:49.660 --> 23:50.110 No. 23:50.110 --> 23:50.800 Thin client. 23:50.830 --> 23:51.550 I didn't put that. 23:51.550 --> 23:54.700 Also, the only access you have is forgot to hide the bar. 23:56.740 --> 23:58.120 Forgot to hide the bar in the policy. 23:58.120 --> 24:00.970 I have to use hide URL bar so we'll not be there. 24:01.000 --> 24:07.960 The only access that he will have available to him is also those are for go to after checkout after 24:07.960 --> 24:08.740 and come back again. 24:12.100 --> 24:14.110 Okay, One note this one thing. 24:14.110 --> 24:19.510 Remember this that your R4 and R1 do not have a default gateway for them. 24:19.510 --> 24:21.100 They're talking to ten, 11, 11 two. 24:21.130 --> 24:22.300 They're talking to the gateway. 24:23.440 --> 24:24.880 The gateway is proxying for the. 24:27.280 --> 24:28.780 Keeping track of all the sessions. 24:30.680 --> 24:31.100 Okay. 24:32.330 --> 24:32.620 Clear. 24:34.210 --> 24:35.660 This is how it works. 24:35.660 --> 24:36.470 Let's do that. 24:36.470 --> 24:37.700 One last thing also. 24:41.940 --> 24:44.180 VPN context. 24:44.240 --> 24:46.100 Sales Context. 24:48.180 --> 24:50.400 Policy group sales. 24:51.230 --> 24:51.680 Policy. 24:53.220 --> 24:53.550 Hide. 24:58.310 --> 24:59.680 The people can log out. 25:02.730 --> 25:03.510 Log in again. 25:06.900 --> 25:07.290 But all. 25:17.840 --> 25:18.140 Okay. 25:18.650 --> 25:22.580 Access to one device only so you can limit it based on the view. 25:23.740 --> 25:25.540 Salespeople are getting a different view. 25:25.720 --> 25:27.190 Admin people are getting a different view. 25:27.220 --> 25:29.830 Admin people are getting the thin client and all those things. 25:29.860 --> 25:34.600 Sales people are only getting what access to certain Http servers. 25:36.390 --> 25:36.870 Okay. 25:37.820 --> 25:40.310 Everybody clear with web VPN. 25:43.640 --> 25:44.300 Stop this up.