SSL VPN ASA 5520 help

Jul 25th, 2008

Hi,


I have many Site-to-Sites and client-based VPNs running through my ASA 5520, but I would like to test SSL VPN over the web.


Is it like the Client VPN and do I need to buy a certificate or does the ASA generate one?

Marwan ALshawi Fri, 07/25/2008 - 03:54

The only thing you need on your client side is a web browser, such as IE.

whiteford Fri, 07/25/2008 - 06:20

Couple of questions.


I'm using the ASDM.


1.) I haven't created a certificate, but it's logged on using https port 443. Do I need one?


2.) I've added the website to the bookmarks, but how do I get the external client to use our internal DNS server to resolve the websites?


3.) I'm connecting as RC4-SHA1, is AES256-SHA1 better?

Marwan ALshawi Fri, 07/25/2008 - 06:39

For DNS, by using ASDM:

Go to ASDM configuration, then the VPN section.

To specify DNS servers, choose Configuration > Features > Properties > DNS Client.

By using the command line:

tunnel-group [name] webvpn-attributes
nbns-server [dns ip address]

ASDM:

To specify DNS servers, choose Configuration > Features > Properties > DNS Client. Cisco ASA allows up to six DNS servers for name resolution. You have to instruct Cisco ASA which interface to use to send the DNS requests.

If your DNS is on the inside, also put the following by CLI:

dns domain-lookup inside
dns name-server [dns ip address]

And the certificate will be initiated from the server side only, which is the ASA, for securing the tunnel; it does not need to authenticate the client certificate.

AES is secure and less CPU intensive.



Rate if helpful

whiteford Fri, 07/25/2008 - 06:55

Thanks - My DNS is working now.


1.) What should my Server SSL version be set to? It is "any" and so is Client SSL version.


3.) I only have AES256 SHA1 active but RC4 still gets used.


4.) I have tested RADIUS from the ASDM and it works; where do I set it for the Clientless SSL VPN?


Thanks
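
Added example (not part of the thread and not Cisco tooling): a Python check that reads a saved ASA configuration and flags the settings discussed above, namely RC4 or other weak entries on the `ssl encryption` line, SSL versions left at "any", and a `dns domain-lookup` / `dns name-server` pair where only one half is present. The config excerpt is constructed, the function name is hypothetical, and the cipher keywords assume ASA 8.x-era CLI syntax.

```python
import re

# Constructed ASA running-config excerpt for illustration (not from the thread).
SAMPLE_CONFIG = """\
dns domain-lookup inside
dns name-server 192.0.2.53
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes256-sha1
"""

# Cipher keywords treated as weak (assumed ASA 8.x "ssl encryption" keywords).
WEAK_CIPHERS = {"rc4-sha1", "rc4-md5", "des-sha1", "null-sha1"}


def audit_asa_ssl(config_text):
    """Return sorted (setting, detail) findings for SSL/DNS lines in the config."""
    findings = set()
    seen_cipher_line = False
    dns_lookup = dns_server = False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if m := re.fullmatch(r"ssl encryption\s+(.+)", line):
            seen_cipher_line = True
            for cipher in m.group(1).split():
                if cipher.lower() in WEAK_CIPHERS:
                    findings.add(("ssl encryption", f"weak cipher enabled: {cipher}"))
        elif m := re.fullmatch(r"ssl (server|client)-version\s+(\S+)", line):
            if m.group(2) == "any":
                findings.add((f"ssl {m.group(1)}-version", "set to 'any', not pinned"))
        elif line.startswith("dns domain-lookup "):
            dns_lookup = True
        elif line.startswith("dns name-server "):
            dns_server = True
    if not seen_cipher_line:
        # Without an explicit line the device's default cipher list is in effect.
        findings.add(("ssl encryption", "no explicit line; default cipher list applies"))
    if dns_lookup != dns_server:
        findings.add(("dns", "only one of domain-lookup / name-server is present"))
    return sorted(findings)


if __name__ == "__main__":
    for setting, detail in audit_asa_ssl(SAMPLE_CONFIG):
        print(f"{setting}: {detail}")
```

Run it against the output of `show running-config` saved to a file to confirm what is actually configured before comparing with the cipher a browser negotiates.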
