ASA - SSL VPN Clientless- part 1
SSL VPN Configuration on ASA firewall better is to configure via ASDM instead of CLI.Some feature are even not possible to do via CLI so I recommend to use ASDM.
Cisco ASA provide 3 types of SSL VPN access:
- Thin Client
- Full network access
Clientless SSL VPN does not require any special software on user PC and all services are reacheable via web browser however this solution is good only for web-based services and some client-server functionality like MS file sharing.
I recommend to start with wizard and later tune our configuration.It will save us a lot of time and configuration will go smoothly.
Connection profile - name of our Connection profile name.
SSL VPN Interface - interface on which ASA will server SSL VPN services
Notice that ASDM access will be available under different URL https://IP-ASA/admin
User authentication method: via AAA(Radius, Tacacs) or local database.
For this tutorial I have choosen local but in next tutorial I will show how ot do this also with other authentication methods.
I strongly recommend to create new policy instead of using defualt one.
Click "Manage" to create bookmark list.
Configure bookmark - (this one is for company website) and click "OK"
You can use bookmarks for http, https, cifs and ftp.
Click "OK" to continue.
Choose your new bookmark list and click "OK" to continue.
Click "Finish" to close the wizard.
From CLI it looks like below:
CLIENT CONNECTIVITY TEST
open browser and type address of ASA.
Type user and password and click "Login"
When you get the following warning:
"Login denied,unathorized connection mechanism.Contact your administrator."
it means user has not access for remote access. Assign user
Below printscreen after logon.
Default configuration does not limit us only to our bookmarks but if we know URL we can browse to this webpage via ssl vpn page, the same with access to file on MS file servers(see below).
Via browser you can add,delete,copy,paste...generally manage files and folders.
After work do not remember logout.