Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

I would like to know if Cisco ASA or IOS router can be a client of SSL VPN ? Thanks.

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Re: Can Cisco ASA or IOS router be a clinet of SSL VPN ?

I am glad to hear that.

Indeed the ASA5505 and Cisco Routers can be EzVPN clients.

Please mark this question as answered if you do not have any further questions.

Let me know.

Rate any post you find helpful.      

Re: Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Karthik,

I give you five stars

Have a good one!

12 REPLIES

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Hui,

Yes. Of course in cleint end all you need to allow only the specific ports for connecting with the VPN server. In case of SSL you need to allow the specific ports like 443 in the client end firewall or router specific to the VPN peer. That will work.

Please do rate if the given information helps.

By

Karthik

New Member

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Thanks Karthik,

Your answer is real encourage me.

For my understanding, to be a client of ssl vpn, it has to initiate the ssl vpn session and points to the ssl vpn server. Could you please let me know how to input these commands into ASA ?

Best Regards,

Hui

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

You can use the ASDM and there is a wizard for all kind of VPNs.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml

Saludos,
Jose Luis B.
No te olvides de calificar si te sirvio la ayuda.

Please do rate if the given information helps.

Saludos, Jose Luis B. No te olvides de calificar si te sirvio la ayuda. Please do rate if the given information helps.

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Hui,

Yes. You can just allow port 443 (https) in your ASA/Router towards the SSL VPN server. That will make that to work.

Just an simple acl like the below

access-list insidetooutside extended permit tcp host eq 443.

Please do rate if the given information helps.

By

Karthik

Re: Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hui,

Are you asking of you can setup a site-to-site tunnel using ssl? I dont think you can since you can't set the ios device as an ssl client. I think there may be some confusion because your questions seems to be asking if the router and the ASA can have a client to server ssl vpn relationship. If that is your question then know, for site-to-site tunnels ssl is not a method you can use or atleast I havent heard of one.

thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Thanks Tarik,

That's my question. I'd like to know if the ASA can be the client of SSL VPN to terminate the SSL VPN and decrypt the traffic and then the ASA can route it again. The same function as site-to-site VPN. But for SSL I would have to call it client-to-server SSL VPN (it only can initiate the session from client). Even for IOS router, I could not find any model support this function -- be a client fo SSL VPN.

New Member

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Karthik,

Thanks for your reply.

It's good to allow the SSL traffic come in from tcp 443, but the SSL VPN server could not initiate the SSL session. I think as a client of SSL VPN, the ASA needs to be configured with commands which point to the server.

Hui

Re: Can Cisco ASA or IOS router be a client of SSL VPN ?

Dear Hui,

I am sorry but I am afraid to disagree with the previous posts.

Neither the Router or the ASA can act as SSL clients, they can be servers for SSL connections such as AnyConnect and WebVPN, but not clients.

Am I getting your question wrong?

Let me know.

Thanks.

Please rate if you find it helpful.

New Member

Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Javier,

Thanks for your timely reply. Your answered my question with"Neither the Router or the ASA can act as SSL clients".

If ASA or IOS router can act as SSL client, that would be helpful, Like IPSec EZVPN, routers can play the role of client.

Hui

Re: Can Cisco ASA or IOS router be a clinet of SSL VPN ?

I am glad to hear that.

Indeed the ASA5505 and Cisco Routers can be EzVPN clients.

Please mark this question as answered if you do not have any further questions.

Let me know.

Rate any post you find helpful.      

Re: Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Hui,

Kindly Regret. If my earlier posts were wrong. I totally misunderstood your query.

By

Karthik

Re: Can Cisco ASA or IOS router be a clinet of SSL VPN ?

Hi Karthik,

I give you five stars

Have a good one!

1284
Views
5
Helpful
12
Replies
CreatePlease login to create content