
ASA Clientless SSL VPN Configuration

As noted in the previous section, this section highlights only a few features, to give a general idea of what is involved in configuring Clientless SSL VPN and its options.

To enable the use of the basic Clientless SSL VPN access, there are only a few very simple commands to enter (see Table 1).

Table 1: Enabling the WebVPN Service (Clientless SSL)

Step  Description                                              Command
1     Enter WebVPN service configuration mode.                 asa(config)#webvpn
2     Enable the WebVPN service on the appropriate interface.  asa(config-webvpn)#enable interface

At this point, users who navigate to the SSL (TCP 443) port of the ASA get a connection and see a screen similar to that shown in Figure 1.

Figure 1 WebVPN Certificate Not Trusted message

Because the default certificate that exists on the ASA is self-signed, this message just indicates that the browser can't verify the certificate that is being used. In production, the ASA should use certificates issued by a trusted Certificate Authority (CA).

After you choose to trust the certificate (or select Proceed Anyway) on this screen, the ASA's WebVPN (Clientless SSL VPN) login screen is displayed (see Figure 2).

Figure 2 Default login screen

To get past this point, the next step is to create a username, as shown in Table 2.

Table 2: Create a User

Step  Description                                             Command
1     Create a local username and password combination pair.  asa(config)#username username password password

After the user is created, login is possible. Once the user has logged in, the default Clientless SSL VPN homepage is shown (see Figure 3).

Figure 3 Default Clientless SSL VPN homepage
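
The self-signed default certificate discussed above can be checked for in a saved configuration. The following is an added example, not code from the article or from Cisco: it parses a running-config excerpt and lists the interfaces where WebVPN is enabled but no trustpoint is bound with ssl trust-point. The sample configuration and the names PUBLIC_CA_TP and ALL_IF_TP are constructed, and only the "ssl trust-point NAME" and "ssl trust-point NAME INTERFACE" forms are handled.

```python
import re

# Constructed running-config excerpt for illustration (not from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
!
ssl trust-point PUBLIC_CA_TP dmz
webvpn
 enable outside
 enable dmz
 enable inside
"""

def webvpn_interfaces(config):
    """Interfaces named by 'enable <if>' lines inside the global webvpn block."""
    found, in_webvpn = [], False
    for line in config.splitlines():
        if line.rstrip() == "webvpn":          # unindented: global webvpn mode
            in_webvpn = True
        elif in_webvpn and line.startswith(" "):
            m = re.match(r"\s+enable\s+(\S+)\s*$", line)
            if m:
                found.append(m.group(1))
        else:
            in_webvpn = False                  # first unindented line ends the block
    return found

def trustpoint_bindings(config):
    """Map interface -> trustpoint; key None means bound without an interface."""
    bindings = {}
    for line in config.splitlines():
        m = re.match(r"ssl trust-point\s+(\S+)(?:\s+(\S+))?\s*$", line)
        if m:
            bindings[m.group(2)] = m.group(1)
    return bindings

def interfaces_on_default_cert(config):
    """WebVPN-enabled interfaces with no trustpoint bound to them."""
    bindings = trustpoint_bindings(config)
    if None in bindings:                       # a binding without an interface covers all
        return []
    return [i for i in webvpn_interfaces(config) if i not in bindings]

if __name__ == "__main__":
    for name in interfaces_on_default_cert(SAMPLE_CONFIG):
        print(f"WebVPN enabled on '{name}' with no ssl trust-point bound")
```

A bound trustpoint can itself hold a self-signed certificate, so an empty result only shows that a trustpoint is assigned; the issuer of that certificate still has to be checked separately.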
