ASA  - SSL VPN Thin Client  - part 1

 

Before you start to use this tutorial be sure your SSL VPN is operation or if not, please check my tutorial for SSL VPN Clientless - it is some configuration how to enable SSL VPN.

Thin Client often called  "Port Forwarding" is a solution which can help to extend functionality of Clientless VPN solution.You still do not need any special software like vpn client but it gives you some extra features.

Port Forwarding uses Java so it is necessary that Java is installed on end-user station.

 

CONFIGURATION

 

Go to Port forwarding menu.

asa-sslvpn-thin-1.PNG

 Click "Add"

asa-sslvpn-thin-2.PNG

List name cannot contain "spaces".

Click "Add" and configure port forwarding.

 

Forward telnet to core switch

To connect to core switch via telnet(on port 23) you will physically connect to port 5000 on local PC then your connection will be forwarded to Core switch.

asa-sslvpn-thin-3.PNG

 Telnet redirection

 Forward ssh to firewall

asa-sslvpn-thin-4.PNG

 SSH port forwarding

 asa-sslvpn-thin-5.PNG

Click "OK" to close forwarding list.

Apply changes (see CLI view below).

 

asa-sslvpn-thin-6.PNG

 

Go to group-policy ( we created during SSL VPN Clientless tutorial)

 

asa-sslvpn-thin-7.PNG

 Click "Edit" and go to Portal - Port Forwarding List, untick "Inherit" and choose our port forwarding list.(see picture below).

 

asa-sslvpn-thin-8.PNG

When you tick "Auto Applet Download" "Port forwarding application" will automatically  after login to SSL VPN.

It works good in IE browsers but with the rest I recommend not to enable it.

 Click "OK"  and apply configuration.

asa-sslvpn-thin-9.PNG



CLIENT TEST


Login to SSL VPN and click "Application Access"

asa-sslvpn-thin-10.PNG

 Click "Start Applications" to run port forwarding.

asa-sslvpn-thin-11.PNG

 Now do telnet to 127.0.0.1 on port 5000 to connect via telnet to core switch.

telnet 127.0.0.1 5000

asa-sslvpn-thin-12.PNG

 Working, excellent!

 asa-sslvpn-thin-13.PNG

Our application shows us too traffic has been sent to/from core switch.

Be carefull traffic via telnet is only secured to ASA. From asa to switch traffic is send via normal, unencrypted telnet protocol.

 

dzbanek 2013-03-29

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.