Cisco Support Community
New Member

SSL VPN ASA 5520 help


I have many Site-to-Sites and client-based VPNs running through my ASA 5520, but I would like to test SSL VPN over the web.

Is it like the Client VPN and do I need to buy a certificate or does the ASA generate one?


Re: SSL VPN ASA 5520 help

The only thing you need on your client side is a web browser, such as IE.

New Member

Re: SSL VPN ASA 5520 help

Couple of questions.

I'm using the ASDM.

1.) I haven't created a certificate, but it's logged on using https port 443. Do I need one?

2.) I've added the website to the bookmarks, but how do I get the external client to use our internal DNS server to resolve the websites?

3.) I'm connecting as RC4-SHA1, is AES256-SHA1 better?

Re: SSL VPN ASA 5520 help

for DNS

by using ASDM

go to ASDM configuration then VPN section

To specify DNS servers, choose Configuration > Features > Properties > DNS Client

by using command line

tunnel-group [name] webvpn-attributes

nbns-server [dns ip address]


To specify DNS servers, choose Configuration > Features > Properties > DNS Client. Cisco ASA allows up to six DNS servers for name resolution. You have to instruct Cisco ASA which interface to use to send the DNS requests.

If your DNS is on the inside, also put the following

by CLI

dns domain-lookup inside

dns name-server [dns ip address]

And the certificate will be initiated from the server side only, which is the ASA, for securing the tunnel; it does not need to authenticate the client certificate.

AES is secure and less CPU intensive.

Rate if helpful

New Member

Re: SSL VPN ASA 5520 help

Thanks - My DNS is working now.

1.) What should my Server SSL version be set to? It is "any" and so is Client SSL version.

3.) I only have AES256 SHA1 active but RC4 still gets used.

4.) I have tested RADIUS from the ASDM and it works; where do I set it for the Clientless SSL VPN?
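
The cipher and SSL-version settings discussed in this thread can be checked against the configuration text itself. The following Python sketch is an added example, not part of the original thread and not Cisco tooling; it assumes the `ssl encryption`, `ssl server-version` and `ssl client-version` line formats of ASA 8.x-era software, and both sample configurations are constructed.

```python
import re

# Cipher names as written on an "ssl encryption" line, with the reason each is flagged.
WEAK_CIPHERS = {
    "rc4-sha1": "RC4 is prohibited in TLS by RFC 7465",
    "rc4-md5": "RC4 with an MD5 MAC",
    "des-sha1": "single DES, 56-bit key",
    "null-sha1": "no encryption at all",
}
# Version keywords that still allow an SSLv3 session to be negotiated.
WEAK_VERSIONS = {"any", "sslv3", "sslv3-only"}

def audit_ssl_config(config_text):
    """Return (line_number, finding) tuples for weak SSL settings in config_text."""
    findings = []
    seen_encryption = False
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip().lower()
        m = re.match(r"ssl encryption\s+(.+)", line)
        if m:
            seen_encryption = True
            for cipher in m.group(1).split():
                if cipher in WEAK_CIPHERS:
                    findings.append((n, f"{cipher}: {WEAK_CIPHERS[cipher]}"))
            continue
        m = re.match(r"ssl (server|client)-version\s+(\S+)", line)
        if m and m.group(2) in WEAK_VERSIONS:
            findings.append((n, f"{m.group(1)}-version {m.group(2)} permits SSLv3"))
    if not seen_encryption:
        # Without an explicit list, the platform default cipher set is in effect.
        findings.append((0, "no 'ssl encryption' line: default cipher list applies"))
    return findings

# Constructed sample: versions left at "any", RC4 still in the cipher list.
SAMPLE_CONFIG = """\
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
"""
# Constructed sample: only AES256-SHA1 listed, SSLv3 excluded.
TIGHTENED_CONFIG = """\
ssl server-version tlsv1-only
ssl client-version tlsv1-only
ssl encryption aes256-sha1
"""

if __name__ == "__main__":
    for line_no, finding in audit_ssl_config(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```

A finding on line 0 means no explicit cipher list was found, so the listed ciphers cannot be confirmed from the text alone.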