SSL VPN ASA 5520 help

whiteford
Level 1

Hi,

I have many site-to-site and client-based VPNs running through my ASA 5520, but I would like to test SSL VPN over the web.

Is it like the Client VPN and do I need to buy a certificate or does the ASA generate one?

4 Replies

Marwan ALshawi
VIP Alumni

The only thing you need on your client side is a web browser, such as IE.

Couple of questions.

I'm using the ASDM.

1.) I haven't created a certificate, but it's logged on using https port 443. Do I need one?

2.) I've added the website to the bookmarks, but how do I get the external client use our internal DNS server to resolve the websites?

3.) I'm connecting as RC4-SHA1, is AES256-SHA1 better?

for DNS

by using ASDM

go to ASDM configuration then VPN section

To specify DNS servers, choose Configuration > Features > Properties > DNS Client

by using command line

tunnel-group [name] webvpn-attributes

nbns-server [dns ip address]

ASDM

To specify DNS servers, choose Configuration > Features > Properties > DNS Client. Cisco ASA allows up to six DNS servers for name resolution. You have to instruct Cisco ASA which interface to use to send the DNS requests.

If your DNS is on the inside, also put the following

by CLI

dns domain-lookup inside

dns name-server [dns ip address]

And the certificate will be initiated from the server side only, which is the ASA, for securing the tunnel; it does not need to authenticate the client certificate.

AES is secure and less CPU intensive.

Rate if helpful

Thanks - My DNS is working now.

1.) What should my Server SSL version be set to? It is "any" and so is Client SSL version.

3.) I only have AES256 SHA1 active but RC4 still gets used.

4.) I have tested RADIUS from the ASDM and it works. Where do I set it for the Clientless SSL VPN?

Thanks
