cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4343
Views
0
Helpful
5
Replies

AnyConnect and Clientless SSL-VPN

dcastleton
Level 1
Level 1

Are there any issues in running Cisco AnyConnect and Clientless SSL-VPN alongside each other??

I am currently looking into adding AnyConnect functionality to an ASA that has currently configured to run Clientless SSL-VPN. The Clientless system will not be removed. I know how to configure it, I am wondering if someone has already configured this or if there are any issue with this setup?

2 Accepted Solutions

Accepted Solutions

stephan.ochs
Level 1
Level 1

Hi Daniel

It's a bit tricky if you want a granular authentication and authorization, but it works.

I'm running an ASA with IPSec, SSL Client and Clientless SSL.

Each of those VPNs with username/one-time-password and certificate based authen.

The main challenge is to build up a clean structure of Profile Maps, Connection Profiles, Group Policies and Dynamic Access Policies.

Feel free to ask further questions...

Stephan

View solution in original post

I've tested this and you can do. I had both setup on my ASA.

View solution in original post

5 Replies 5

stephan.ochs
Level 1
Level 1

Hi Daniel

It's a bit tricky if you want a granular authentication and authorization, but it works.

I'm running an ASA with IPSec, SSL Client and Clientless SSL.

Each of those VPNs with username/one-time-password and certificate based authen.

The main challenge is to build up a clean structure of Profile Maps, Connection Profiles, Group Policies and Dynamic Access Policies.

Feel free to ask further questions...

Stephan

I've tested this and you can do. I had both setup on my ASA.

Thank you very much for your answers I will be implementing this in the next few days hopefully I will not run into any issues

Thanks for your help

Dan

Hi Stephan,

Is there any document showing how to do it?

I have some anyconnect profile configured and I enabled clientless connection on them.

But when I access the URL https://"asa address" the ASA send me straight to anyconnect instalation.

If the profile is enable for anyconnect and clientless is ther a way to choose which way to connect?

Thanks!

In group Policy edit > Advanced > AnyConnect CLient > Login Settings

Prompt user to choose

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: