VPN Concentrator- WebVPN using Cisco SSL Client

Unanswered Question
Mar 22nd, 2007


I have configured WebVPN client using Cisco SSL VPN client on VPN Concentrator 3030. But every time the user logs in, the Client software get installed. Is there anyway to avoid this and configure in such a way that after the user gets authenticated, he can directly get access to internal network without installing the client software every time.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (2 ratings)
ggilbert Fri, 03/23/2007 - 05:59


If you go to the webvpn tab in the group that the users are connecting, you have options for

Require Cisco SSL VPN Client

Keep Cisco SSL VPN Client.

You might want to choose Keep Cisco SSL VPN client - This would keep the installer in the machine that is trying to authenticate and will not install everytime the user logs in.

Or If you have Inherit checked, make sure you change that on Base-Group.

Rate this post, if it helps.



fahimkm81 Mon, 03/26/2007 - 04:31


thanks for the suggestion. one more question.. during the connection, the windows prompts for 3-4 message box where we have to press yes every time we try to connect. Is it possible to avoid that.



h.parsons Sat, 03/24/2007 - 14:06

We will also configure the browser by adding the VPN url as a trusted site and to not prompt for downloading activex.

fahimkm81 Mon, 03/26/2007 - 04:26

okay thanks a lot.. this helped.. one more question.. while connecting, 3-4 message boxes are prompted and every time we have to press YES. can this be avoided. if not all atleast the one which gives error message.

kcolo Mon, 03/26/2007 - 13:05

You are probably getting certificate errors because by default the ASA uses its own certificate for the outside interface.

When you connect to an SSL website, your browser checks the site for a valid certificate from an authority like Verisign. If you went this route, you would need to buy a Verisign certificate and apply it to the outside inteface as a trustpoint.


Another opion you have is to create your own certificate in the ASA, then manually install this certificate by adding it to your browser's trusted root certificate store. You will need to click through and install the certificate on the client's machine through the web browser. You may not want to do this.

ggilbert Thu, 03/29/2007 - 05:54

Fahim -

What Kevin said is correct. Except you are using a VPN 3000 concentrator.

So, you just need to import that certificate given by the concentrator into your browser trusted certificates and you should be good to go.



diogo Mon, 04/23/2007 - 19:41

Hello Gilbert,

I'm facing the same issues with the same prompts and alerts about certificates. The problem is a bit worse because I'm also using Cisco Secure Desktop, and that 'masquerades' one of the alerts - it stays behind the secure desktop - making it difficult for the end user to find and accept it.

well, I'm not sure if there is an actual solution for that, other than importing the certificate the browser's trusted certificates, or acquiring an verifiable certificate.

if you have any idea that can help me....

thanks !


This Discussion