Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN Concentrator- WebVPN using Cisco SSL Client

Hi,

I have configured WebVPN client using Cisco SSL VPN client on VPN Concentrator 3030. But every time the user logs in, the Client software get installed. Is there anyway to avoid this and configure in such a way that after the user gets authenticated, he can directly get access to internal network without installing the client software every time.

fahim

7 REPLIES
Cisco Employee

Re: VPN Concentrator- WebVPN using Cisco SSL Client

Fahim,

If you go to the webvpn tab in the group that the users are connecting, you have options for

Require Cisco SSL VPN Client

Keep Cisco SSL VPN Client.

You might want to choose Keep Cisco SSL VPN client - This would keep the installer in the machine that is trying to authenticate and will not install everytime the user logs in.

Or If you have Inherit checked, make sure you change that on Base-Group.

Rate this post, if it helps.

Cheers

Gilbert

Community Member

Re: VPN Concentrator- WebVPN using Cisco SSL Client

Gilbert,

thanks for the suggestion. one more question.. during the connection, the windows prompts for 3-4 message box where we have to press yes every time we try to connect. Is it possible to avoid that.

Regards,

Fahim

Community Member

Re: VPN Concentrator- WebVPN using Cisco SSL Client

We will also configure the browser by adding the VPN url as a trusted site and to not prompt for downloading activex.

Community Member

Re: VPN Concentrator- WebVPN using Cisco SSL Client

okay thanks a lot.. this helped.. one more question.. while connecting, 3-4 message boxes are prompted and every time we have to press YES. can this be avoided. if not all atleast the one which gives error message.

Community Member

Re: VPN Concentrator- WebVPN using Cisco SSL Client

You are probably getting certificate errors because by default the ASA uses its own certificate for the outside interface.

When you connect to an SSL website, your browser checks the site for a valid certificate from an authority like Verisign. If you went this route, you would need to buy a Verisign certificate and apply it to the outside inteface as a trustpoint.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807c2151.shtml

Another opion you have is to create your own certificate in the ASA, then manually install this certificate by adding it to your browser's trusted root certificate store. You will need to click through and install the certificate on the client's machine through the web browser. You may not want to do this.

Cisco Employee

Re: VPN Concentrator- WebVPN using Cisco SSL Client

Fahim -

What Kevin said is correct. Except you are using a VPN 3000 concentrator.

So, you just need to import that certificate given by the concentrator into your browser trusted certificates and you should be good to go.

Thanks

Gilbert

Community Member

Re: VPN Concentrator- WebVPN using Cisco SSL Client

Hello Gilbert,

I'm facing the same issues with the same prompts and alerts about certificates. The problem is a bit worse because I'm also using Cisco Secure Desktop, and that 'masquerades' one of the alerts - it stays behind the secure desktop - making it difficult for the end user to find and accept it.

well, I'm not sure if there is an actual solution for that, other than importing the certificate the browser's trusted certificates, or acquiring an verifiable certificate.

if you have any idea that can help me....

thanks !

368
Views
6
Helpful
7
Replies
CreatePlease to create content