07-25-2008 03:20 AM - edited 02-21-2020 03:51 PM
Hi,
I have many site-to-site and client-based VPNs running through my ASA 5520, but I would like to test SSL VPN over the web.
Is it like the Client VPN and do I need to buy a certificate or does the ASA generate one?
07-25-2008 03:54 AM
The only thing you need on your client side is a web browser, such as IE.
07-25-2008 06:20 AM
Couple of questions.
I'm using the ASDM.
1.) I haven't created a certificate, but it's logged on using https port 443. Do I need one?
2.) I've added the website to the bookmarks, but how do I get the external client to use our internal DNS server to resolve the websites?
3.) I'm connecting as RC4-SHA1, is AES256-SHA1 better?
07-25-2008 06:39 AM
For DNS:
By using ASDM:
Go to ASDM configuration, then the VPN section.
To specify DNS servers, choose Configuration > Features > Properties > DNS Client.
By using the command line:
tunnel-group [name] webvpn-attributes
nbns-server [dns ip address]
ASDM:
To specify DNS servers, choose Configuration > Features > Properties > DNS Client. Cisco ASA allows up to six DNS servers for name resolution. You have to instruct Cisco ASA which interface to use to send the DNS requests.
If your DNS is on the inside, also put the following.
By CLI:
dns domain-lookup inside
dns name-server [dns ip address]
And the certificate will be initiated from the server side only, which is the ASA, for securing the tunnel; it does not need to authenticate the client certificate.
AES is secure and less CPU intensive.
Rate if helpful
07-25-2008 06:55 AM
Thanks - My DNS is working now.
1.) What should my Server SSL version be set to? It is "any" and so is Client SSL version.
3.) I only have AES256 SHA1 active but RC4 still gets used.
4.) I have tested RADIUS from the ASDM and it works. Where do I set it for the Clientless SSL VPN?
Thanks
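As an added example (not part of the thread and not Cisco code): a small Python check that reads the `ssl server-version`, `ssl client-version` and `ssl encryption` lines from a saved ASA configuration excerpt and flags the settings raised above, namely a version of "any" and RC4 still being enabled. The sample configuration is constructed, and the function names are this example's own.

```python
# Cipher names as they appear on the ASA "ssl encryption" line.
WEAK_CIPHERS = {"rc4-sha1", "rc4-md5", "des-sha1", "null-sha1"}
# Version keywords that still allow SSLv3 to be negotiated.
PERMITS_SSLV3 = {"any", "sslv3", "sslv3-only"}

# Constructed sample excerpt, not taken from the thread.
SAMPLE_CONFIG = """\
hostname asa-lab
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes256-sha1
"""


def parse_ssl_settings(config_text):
    """Collect the three ssl settings from a configuration excerpt."""
    settings = {"server-version": None, "client-version": None, "encryption": []}
    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 3 or words[0] != "ssl":
            continue
        if words[1] in ("server-version", "client-version"):
            settings[words[1]] = words[2]
        elif words[1] == "encryption":
            settings["encryption"] = words[2:]
    return settings


def audit(config_text):
    """Return (setting, value, issue) tuples for each weak setting found."""
    settings = parse_ssl_settings(config_text)
    findings = []
    for key in ("server-version", "client-version"):
        value = settings[key]
        if value is None:
            findings.append((key, None, "not set in excerpt, device default applies"))
        elif value in PERMITS_SSLV3:
            findings.append((key, value, "permits SSLv3"))
    if not settings["encryption"]:
        findings.append(("encryption", None, "no list in excerpt, device default applies"))
    for cipher in settings["encryption"]:
        if cipher in WEAK_CIPHERS:
            findings.append(("encryption", cipher, "weak cipher enabled"))
    return findings


if __name__ == "__main__":
    for setting, value, issue in audit(SAMPLE_CONFIG):
        print(f"{setting}: {value} -> {issue}")
```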