
Clientless SSLVPN On Cisco ASA

The document provides a detailed configuration guide for setting up a Clientless SSL VPN on a Cisco ASA device, including IP address assignments and basic configurations for both the ASA and ISP. It outlines the steps for accessing the ASA management interface, configuring the VPN using the ASDM interface, and verifying the setup through a web browser. Additionally, it includes troubleshooting tips for browser compatibility issues with the SSL VPN service.

Uploaded by

shayn

Clientless SSLVPN on Cisco ASA:

ASA Public IP Address            1.1.1.1
ASA Private IP Address           192.168.1.254
ASA MGMT IP Address              192.168.114.254
PC1 IP Address                   2.2.2.1
ASA Image                        asa-915-16-k8-CL-L
ISP to ASA Public IP Address     1.1.1.2
ISP to PC1 Public IP Address     2.2.2.2
Remote Access VPN Type           Clientless SSL VPN
ASDM Version                     7.3(3)
ASA Version                      9.1(5)16
Device Type                      ASA 5520
Java Version                     JRE 1.8.0_22

ISP Basic Configuration


ISP(config)#hostname ISP
ISP(config)#interface gigabitEthernet 0/0
ISP(config-if)#ip address 1.1.1.2 255.255.255.0
ISP(config-if)#no shutdown
ISP(config-if)#exit
ISP(config)#interface gigabitEthernet 0/1
ISP(config-if)#ip address 2.2.2.2 255.255.255.0
ISP(config-if)#no shutdown

Created by Ahmad Ali, E-Mail: ahmadalimsc@gmail.com, Mobile: 00966564303717


ASA Basic Configuration
ASA(config)# hostname ASA
ASA(config)# interface Ethernet0
ASA(config-if)# nameif outside
ASA(config-if)# security-level 0
ASA(config-if)# ip address 1.1.1.1 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# interface Ethernet1
ASA(config-if)# nameif inside
ASA(config-if)# security-level 100
ASA(config-if)# ip address 192.168.1.254 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# interface Ethernet2
ASA(config-if)# nameif MGMT
ASA(config-if)# security-level 100
ASA(config-if)# ip address 192.168.114.254 255.255.255.0
ASA(config-if)# no shutdown
ASA(config-if)# exit
ASA(config)# route outside 0.0.0.0 0.0.0.0 1.1.1.2



In all browsers you will get an unsupported protocols error.

Open the Microsoft Edge browser, click the three dots, and go to Settings > Default Browser.



Under Internet Explorer mode pages, click Add and type the IP address of the Cisco ASA firewall,
in this case https://192.168.114.254

It will now work. Type the IP address of the Cisco ASA firewall in Microsoft Edge, click More
information, then click Go on to the webpage (not recommended).



Type the username and password, then click Install ASDM Launcher to download it.

Run Cisco ASDM-IDM Launcher. Type the IP address of the ASA firewall, the username and the
password. Click OK to open the ASDM interface.



Use the VPN Wizard by choosing Wizards > VPN Wizards > Clientless SSL VPN Wizard. The
Clientless SSL VPN Connection window opens.

The SSL VPN Wizard window opens. It requires 6 steps to complete; click Next to continue.



The SSL VPN Interface window appears. Configure a Connection Profile Name for the
connection and identify the interface to which outside users will connect.
The SSL VPN Interface screen provides links in the Information section. These links identify the
URLs that need to be used for the SSL VPN service access (login) and for Cisco ASDM access.

Click Next to continue and display the User Authentication window. Identify how remote users
will authenticate. The local database can be used. To add a new user, enter the username and
password and then click Add.



Once complete, click Next to continue and open the Group Policy window. Identify a group
policy that will be associated with the authenticated remote user. You may modify these
settings after the wizard has been completed by navigating to Configuration > Remote
Access VPN > Clientless SSL VPN Access > Group Policies.

Click Next to continue. The Bookmark List window appears. A bookmark list is a set of URLs that
is configured to be used in the clientless SSL VPN web portal. To add bookmarks, click Manage
and then Add to open the Add Bookmark List dialog.



Click Add again to open the Add Bookmark dialog. Add the bookmark and URL and keep clicking
OK until you return to the Bookmark List window.

Click Next to continue. The Summary screen will open. Review the information displayed. If
correct, click Finish. Otherwise, click Back and correct the misconfiguration.

The configuration is then committed to the ASA.
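
The CLI that corresponds to the wizard steps above, as an added example rather than the author's own output or the exact text ASDM generates. The names CLIENTLESS-PROFILE, CLIENTLESS-GP, INTERNAL-BOOKMARKS and vpnuser and the password are placeholders, and the bookmark list is assumed to have been created in ASDM as described.

```cisco
! Added example: names and password are placeholders, not values from the guide.
! Enable the clientless portal on the interface outside users connect to.
webvpn
 enable outside
!
! Group policy limited to clientless SSL VPN, with the bookmark list attached.
! INTERNAL-BOOKMARKS is assumed to exist already (created under Manage > Add).
group-policy CLIENTLESS-GP internal
group-policy CLIENTLESS-GP attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value INTERNAL-BOOKMARKS
!
! Local-database user for the portal. privilege 0 and service-type
! remote-access mark the account as VPN-only, with no management access.
username vpnuser password CHANGE-ME-PLACEHOLDER privilege 0
username vpnuser attributes
 vpn-group-policy CLIENTLESS-GP
 service-type remote-access
!
! Connection profile (tunnel group) that authenticates against LOCAL.
tunnel-group CLIENTLESS-PROFILE type remote-access
tunnel-group CLIENTLESS-PROFILE general-attributes
 authentication-server-group LOCAL
 default-group-policy CLIENTLESS-GP
!
! Review what was committed and list active clientless sessions.
show running-config webvpn
show running-config group-policy CLIENTLESS-GP
show running-config tunnel-group CLIENTLESS-PROFILE
show vpn-sessiondb webvpn
```

Comparing the `show running-config` output with the wizard's Summary screen confirms that only the intended interface, group policy and users were committed.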



Verification and Testing
Once the WebVPN has been configured, use the address https://1.1.1.1 in the browser.



Log in with the credentials that you created in the local database. You will then be
presented with your home page.

This is the SSL VPN clientless mode from which the user can launch any web services from the
WebVPN portal.

In ASDM, choose Monitoring > VPN > VPN Statistics > Sessions > Filter by: Clientless SSL VPN.
