AnyConnect and Clientless SSL-VPN

Answered Question

Are there any issues in running Cisco AnyConnect and Clientless SSL-VPN alongside each other??


I am currently looking into adding AnyConnect functionality to an ASA that has currently configured to run Clientless SSL-VPN. The Clientless system will not be removed. I know how to configure it, I am wondering if someone has already configured this or if there are any issue with this setup?

Correct Answer by DialerString_2 about 7 years 1 month ago

I've tested this and you can do. I had both setup on my ASA.

Correct Answer by stephan.ochs about 7 years 1 month ago

Hi Daniel


It's a bit tricky if you want a granular authentication and authorization, but it works.

I'm running an ASA with IPSec, SSL Client and Clientless SSL.

Each of those VPNs with username/one-time-password and certificate based authen.

The main challenge is to build up a clean structure of Profile Maps, Connection Profiles, Group Policies and Dynamic Access Policies.


Feel free to ask further questions...


Stephan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
stephan.ochs Thu, 03/11/2010 - 05:01
User Badges:

Hi Daniel


It's a bit tricky if you want a granular authentication and authorization, but it works.

I'm running an ASA with IPSec, SSL Client and Clientless SSL.

Each of those VPNs with username/one-time-password and certificate based authen.

The main challenge is to build up a clean structure of Profile Maps, Connection Profiles, Group Policies and Dynamic Access Policies.


Feel free to ask further questions...


Stephan

Correct Answer
DialerString_2 Thu, 03/11/2010 - 07:13
User Badges:
  • Bronze, 100 points or more

I've tested this and you can do. I had both setup on my ASA.

guibarati Wed, 03/27/2013 - 17:10
User Badges:
  • Bronze, 100 points or more

Hi Stephan,


Is there any document showing how to do it?

I have some anyconnect profile configured and I enabled clientless connection on them.


But when I access the URL https://"asa address" the ASA send me straight to anyconnect instalation.

If the profile is enable for anyconnect and clientless is ther a way to choose which way to connect?



Thanks!

JeromeTechie1 Thu, 03/28/2013 - 06:52
User Badges:

In group Policy edit > Advanced > AnyConnect CLient > Login Settings


Prompt user to choose

Actions

This Discussion

Related Content