ASA  - SSL VPN Clientless- part 1

SSL VPN Configuration on ASA firewall better is to configure via ASDM instead of CLI.Some  feature are even not possible to do via CLI so I recommend to use ASDM.

Cisco ASA provide 3 types of SSL VPN access:

  • Clientless 
  • Thin Client 
  • Full network access


Clientless SSL VPN does not require any special software on user PC and all services are reacheable via web browser however this solution is good only for web-based services and some client-server functionality like MS file sharing.


I recommend to start with wizard and later tune our configuration.It will save us a lot of time and configuration will go smoothly.


asa-sslvpn-clientless-1.PNGClick "Next"

asa-sslvpn-clientless-2.PNGConnection profile - name of our Connection profile name.

SSL VPN Interface - interface on which ASA will server SSL VPN services


Notice that ASDM access will be available under different URL https://IP-ASA/admin

Click "Next"


User authentication method: via AAA(Radius, Tacacs) or local database.

For this tutorial I have choosen local but in next tutorial I will show how ot do this also with other authentication methods.

Click "Next"


 I strongly recommend to create new policy instead of using defualt one.

Click "Next"


Click "Manage" to create bookmark list.

asa-sslvpn-clientless-6.PNGClick "Add"


Click "Add"


 Configure bookmark - (this one is for company website) and click "OK"

 You can use bookmarks for http, https, cifs and ftp.


 Click "OK" to continue.


 Choose your new bookmark list and click "OK" to continue.


 Click "Next"


 Click "Finish" to close the wizard.

 From CLI it looks like below:





open browser and type address of ASA.




 Type user and password and click "Login"


 When you get the following warning:

"Login denied,unathorized connection mechanism.Contact your administrator."


 it means user has not access for remote access. Assign user 



  Below printscreen after logon.



Default configuration does not limit us only to our bookmarks but if we know URL we can browse to this webpage via ssl vpn page, the same with access to file on MS file servers(see below).




 Via browser you can add,delete,copy,paste...generally manage files and folders.

 After work do not remember logout.




dzbanek 2013-03-29

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.