cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
633
Views
0
Helpful
5
Replies

Configuration of Webvpn

rkalia1
Level 1
Level 1

I need some help on Webvpn as I have never configured one on an ASA. I have an ASA 5510. It has around 8 IPSec tunnels already running on it. I want to configure Webvpn for some users of that company who may be using public PCs over the upcoming holidays to access a particular website in the corporate network. So I will be giving access to only that URL. Reason why I am not giving them access through Remote Access IPSec vPN is that some of them may use public PCs to access the site. Hence I have decided on Webvpn access to them. Please advise if that is right thing to do. Also, is there any problem if I configure Webvpn on that ASA even if there are around 8 L2L tunnels running on the device. Another thing I want to know is that do the Webvpn clients need any assignment of IP address form an IP Pool like IPSec RA clients. A brief descritpion will help. Any help is appreciated.

2 Accepted Solutions

Accepted Solutions

There are different flavours of SSL VPN:

Clientless (WebVPN)

Thin Client (WebVPN+port forwarding)

Thick (SSL VPN) Client

For the first two options no IP Pool needs to be defined. That is only required in the Thick/Full SSL VPN Client configuration.

SSL/IPSec VPNs can co-exist with each other without any issues.

This is a configuration example for Clientless:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

Please rate if helpful.

Regards

Farrukh

View solution in original post

Yes you can do that.Infact that how its done in most cases.

If you are using ASDM from outside then you will need to change ASDM port on ASA.

Syed Iftekhar Ahmed

View solution in original post

5 Replies 5

rkalia1
Level 1
Level 1

Any help on this please....

There are different flavours of SSL VPN:

Clientless (WebVPN)

Thin Client (WebVPN+port forwarding)

Thick (SSL VPN) Client

For the first two options no IP Pool needs to be defined. That is only required in the Thick/Full SSL VPN Client configuration.

SSL/IPSec VPNs can co-exist with each other without any issues.

This is a configuration example for Clientless:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml

Please rate if helpful.

Regards

Farrukh

Thanks Farrukh. Just wanted a second opinion on what I am going to configure. Thanks for pitching in. Antoher query I have is that will it be ok to enable both IPSec and Webvpn on the outside interface of ASA? I have ISAKMP already enabled on the outside with around 8 IPsec tunnels in operation. And I have to enable Webvpn on the outside now. There will not be any problem right?

Thanks for your time devoted to my query.

Yes you can do that.Infact that how its done in most cases.

If you are using ASDM from outside then you will need to change ASDM port on ASA.

Syed Iftekhar Ahmed

Yes as Iftekhar said you can run both on the same interface without any issues. SSL VPNs use port 443 (SSL) whereas IPSEC VPNs use ESP/UDP500/4500.

However If you want to run ASDM (ASA GUI) and SSL VPNs on the outside interface, this causes a conflict, as both use port 443 by default. To make this work you need to change the port for either webvpn or ASDM, please look at this link:

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: