Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1126
Views
6
Helpful
7
Replies

VPN Concentrator- WebVPN using Cisco SSL Client

fahimkm81
Level 1
Level 1

‎03-22-2007 11:46 PM

Hi,

I have configured WebVPN client using Cisco SSL VPN client on VPN Concentrator 3030. But every time the user logs in, the Client software get installed. Is there anyway to avoid this and configure in such a way that after the user gets authenticated, he can directly get access to internal network without installing the client software every time.

fahim

Labels:
0 Helpful
7 Replies 7

ggilbert
Cisco Employee
Cisco Employee

‎03-23-2007 05:59 AM

Fahim,

If you go to the webvpn tab in the group that the users are connecting, you have options for

Require Cisco SSL VPN Client

Keep Cisco SSL VPN Client.

You might want to choose Keep Cisco SSL VPN client - This would keep the installer in the machine that is trying to authenticate and will not install everytime the user logs in.

Or If you have Inherit checked, make sure you change that on Base-Group.

Rate this post, if it helps.

Cheers

Gilbert

fahimkm81
Level 1
Level 1
In response to ggilbert

‎03-26-2007 04:31 AM

Gilbert,

thanks for the suggestion. one more question.. during the connection, the windows prompts for 3-4 message box where we have to press yes every time we try to connect. Is it possible to avoid that.

Regards,

Fahim

0 Helpful

h.parsons
Level 3
Level 3

‎03-24-2007 02:06 PM

We will also configure the browser by adding the VPN url as a trusted site and to not prompt for downloading activex.

fahimkm81
Level 1
Level 1
In response to h.parsons

‎03-26-2007 04:26 AM

okay thanks a lot.. this helped.. one more question.. while connecting, 3-4 message boxes are prompted and every time we have to press YES. can this be avoided. if not all atleast the one which gives error message.

0 Helpful

kcolo
Level 1
Level 1
In response to fahimkm81

‎03-26-2007 01:05 PM

You are probably getting certificate errors because by default the ASA uses its own certificate for the outside interface.

When you connect to an SSL website, your browser checks the site for a valid certificate from an authority like Verisign. If you went this route, you would need to buy a Verisign certificate and apply it to the outside inteface as a trustpoint.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807c2151.shtml

Another opion you have is to create your own certificate in the ASA, then manually install this certificate by adding it to your browser's trusted root certificate store. You will need to click through and install the certificate on the client's machine through the web browser. You may not want to do this.

0 Helpful

ggilbert
Cisco Employee
Cisco Employee
In response to kcolo

‎03-29-2007 05:54 AM

Fahim -

What Kevin said is correct. Except you are using a VPN 3000 concentrator.

So, you just need to import that certificate given by the concentrator into your browser trusted certificates and you should be good to go.

Thanks

Gilbert

0 Helpful

diogo
Level 1
Level 1
In response to ggilbert

‎04-23-2007 07:41 PM

Hello Gilbert,

I'm facing the same issues with the same prompts and alerts about certificates. The problem is a bit worse because I'm also using Cisco Secure Desktop, and that 'masquerades' one of the alerts - it stays behind the secure desktop - making it difficult for the end user to find and accept it.

well, I'm not sure if there is an actual solution for that, other than importing the certificate the browser's trusted certificates, or acquiring an verifiable certificate.

if you have any idea that can help me....

thanks !

0 Helpful
Customers Also Viewed These Support Documents