SSL VPN on an ASA firewall is better configured via ASDM than via the CLI. Some features cannot even be configured via the CLI, so I recommend using ASDM.

Cisco ASA provides 3 types of SSL VPN access:

  • Clientless
  • Thin Client
  • Full network access

 

Clientless SSL VPN does not require any special software on the user's PC, and all services are reachable via a web browser. However, this solution is suitable only for web-based services and some client-server functionality such as MS file sharing.

CONFIGURATION

I recommend starting with the wizard and tuning the configuration later. It will save us a lot of time and the configuration will go smoothly.

 

asa-sslvpn-clientless-1.PNG

Click “Next”

asa-sslvpn-clientless-2.PNG

Connection profile – the name of our connection profile.

SSL VPN Interface – the interface on which the ASA will serve SSL VPN services.

Warning!

Notice that ASDM access will be available under a different URL: https://IP-ASA/admin

Click “Next”

asa-sslvpn-clientless-3.PNG

User authentication method: via AAA (RADIUS, TACACS) or the local database.

For this tutorial I have chosen local, but in the next tutorial I will show how to do this with other authentication methods as well.

Click “Next”

asa-sslvpn-clientless-4.PNG

I strongly recommend creating a new policy instead of using the default one.

Click “Next”

asa-sslvpn-clientless-5.PNG

Click “Manage” to create a bookmark list.

asa-sslvpn-clientless-6.PNG

Click “Add”

asa-sslvpn-clientless-7.PNG

Click “Add”

asa-sslvpn-clientless-8.PNG

Configure the bookmark (this one is for the company website) and click “OK”.

You can use bookmarks for http, https, cifs and ftp.

asa-sslvpn-clientless-9.PNG

 Click “OK” to continue.

asa-sslvpn-clientless-10.PNG

Choose your new bookmark list and click “OK” to continue.

asa-sslvpn-clientless-11.PNG

 Click “Next”

asa-sslvpn-clientless-12.PNG

 Click “Finish” to close the wizard.

From the CLI it looks like this:

asa-sslvpn-clientless-13.PNG

 

 CLIENT CONNECTIVITY TEST

 

Open a browser and type the address of the ASA.

https://ASA-ip

 

asa-sslvpn-clientless-14.PNG

Type the user and password and click “Login”.

 

When you get the following warning:

“Login denied, unauthorized connection mechanism. Contact your administrator.”

asa-sslvpn-clientless-15.PNG

it means the user is not permitted to use remote access. Assign user

 

asa-sslvpn-clientless-16.PNG

Below is a screenshot after logon.

asa-sslvpn-clientless-17.PNG

 

The default configuration does not limit us to our bookmarks: if we know a URL, we can browse to that web page via the SSL VPN page. The same applies to files on MS file servers (see below).

asa-sslvpn-clientless-19.PNG

asa-sslvpn-clientless-20.PNG

 

Via the browser you can add, delete, copy, paste… generally manage files and folders.

After work, remember to log out.
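Whether a clientless policy still allows browsing beyond the bookmark list, as described above, can be checked from a saved running-config. The script below is an added example, not part of the original tutorial; it assumes the group-policy webvpn settings url-entry, file-entry and file-browsing, and the sample configuration with its policy and bookmark names is constructed for illustration.

```python
import re
# Constructed running-config excerpt; policy and bookmark names are hypothetical.
SAMPLE_CONFIG = """\
group-policy WIZARD-POLICY internal
group-policy WIZARD-POLICY attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value Company-Bookmarks
group-policy LOCKED-POLICY internal
group-policy LOCKED-POLICY attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value Company-Bookmarks
  url-entry disable
  file-entry disable
  file-browsing disable
group-policy IPSEC-ONLY internal
group-policy IPSEC-ONLY attributes
 vpn-tunnel-protocol ikev1
"""
# Portal features that let a user go beyond the bookmark list.
PORTAL_SETTINGS = ("url-entry", "file-entry", "file-browsing")
CLIENTLESS_KEYWORDS = {"ssl-clientless", "webvpn"}  # older releases use "webvpn"

def parse_group_policies(config):
    """Return {policy name: [stripped attribute lines]}."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return policies

def audit_clientless_policies(config):
    """Return {policy: [settings not explicitly disabled]} for clientless policies.
    Inheritance from DfltGrpPolicy is not resolved (assumption: unset means open)."""
    findings = {}
    for name, lines in parse_group_policies(config).items():
        protos = {p for l in lines if l.startswith("vpn-tunnel-protocol ") for p in l.split()[1:]}
        still_open = [s for s in PORTAL_SETTINGS if f"{s} disable" not in lines]
        if protos & CLIENTLESS_KEYWORDS and still_open:
            findings[name] = still_open
    return findings

print(audit_clientless_policies(SAMPLE_CONFIG))
```

Only WIZARD-POLICY is reported, because it permits clientless access and leaves all three portal settings at their inherited values.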

asa-sslvpn-clientless-21.PNG

 

 

dzbanek 2013-03-29