ASA 5505
SSL VPN
Joe Cicero
Northeast Wisconsin Technical College
About SSL VPN Client Connections
With an SSL VPN client setup, remote
users do not need to install a software
client before attempting to establish a
connection.
With correct credentials, any user with a
browser can connect to internal resources
on the network.
Starting the “SSL VPN Wizard”
Setting Your Connection Type
The ASA 5505 provides two types of SSL
VPN access.
– Clientless SSL VPN Access: no additional
software is downloaded and installed to obtain
access to SUPPORTED internal resources.
– Cisco SSL VPN Client (AnyConnect VPN
Client): the ASA pushes a self-installing client
to the remote PC that allows FULL, secure
access to internal resources.
Interface, Certificate, and Group
Settings
Connection Name
– Provide a connection name for this group of connection-oriented
attributes.
SSL VPN Interface
– Specify the interface to allow SSL VPN connections.
Digital Certificate
– Specify a certificate, if any, that the security appliance sends to
the remote PC.
Connection Group Settings
– You can enable the security appliance to display a group alias
for this connection on the login page.
– Display Group Alias list at the login page—Enable to display the
group alias.
Setting the VPN Interface
Configuring User Authentication
Authenticate using a AAA server group—Enable to let
the security appliance contact a remote AAA server
group to authenticate the user.
AAA Server Group Name—Select a AAA server group
from the list of pre-configured groups, or click New to
create a new group.
Authenticate using the local user database—Add new
users to the local database stored on the security
appliance.
– Username—Create a username for the user.
– Password—Create a password for the user.
– Confirm Password—Re-type the same password to confirm.
– Add/Delete—Add or delete the user from the local database.
Defining a Group Policy
Group policies configure common
attributes for groups of users. Create a
new group policy or select an existing one
to modify.
Create new group policy
– Enable to create a new group policy. Provide
a name for the new policy.
Modify existing group policy
– Select an existing group policy to modify.
Creating a Bookmark List
Bookmark lists appear on the portal page
for Clientless, browser-based connections.
SSL VPN client users can see these
bookmarks to enable easy access to
resources.
Bookmark List
– Select an existing list or click Manage to
create a new list, or import or export
bookmark lists.
Confirming No Bookmark
Summary Screen
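The wizard steps above correspond to a short block of ASA CLI, shown here as an added example that is not part of the original slides. It assumes ASA 8.0 to 8.3 command keywords (the slides do not state a version; 8.4 and later use ssl-clientless in place of webvpn under vpn-tunnel-protocol), and every name in it (SSLVPN-CONN, SSLVPN-POLICY, Staff, vpnuser1, the interface name outside, and the password and trustpoint placeholders) is hypothetical.

```cisco
! Added example: CLI equivalent of the SSL VPN Wizard choices (names are hypothetical)
!
! SSL VPN Interface: accept SSL VPN connections on the chosen interface.
! "Display Group Alias list at the login page" maps to tunnel-group-list.
webvpn
 enable outside
 tunnel-group-list enable
!
! Digital Certificate (optional): certificate the appliance presents to the remote PC.
! Left commented out because the trustpoint name is a placeholder.
! ssl trust-point <TRUSTPOINT-NAME> outside
!
! Group Policy: clientless (browser-based) access only, no bookmark list,
! matching the "Confirming No Bookmark" step.
group-policy SSLVPN-POLICY internal
group-policy SSLVPN-POLICY attributes
 vpn-tunnel-protocol webvpn
 webvpn
  url-list none
!
! User Authentication: a user in the local database, limited to remote access
! (privilege 0 and service-type remote-access keep the account out of device management).
username vpnuser1 password <PLACEHOLDER-PASSWORD> privilege 0
username vpnuser1 attributes
 vpn-group-policy SSLVPN-POLICY
 service-type remote-access
!
! Connection Name: the tunnel group ties authentication and group policy together.
tunnel-group SSLVPN-CONN type remote-access
tunnel-group SSLVPN-CONN general-attributes
 authentication-server-group LOCAL
 default-group-policy SSLVPN-POLICY
!
! Connection Group Settings: alias shown in the login page drop-down.
tunnel-group SSLVPN-CONN webvpn-attributes
 group-alias Staff enable
```

Running show running-config webvpn and show running-config tunnel-group on the appliance after the wizard finishes displays what it actually wrote, for comparison with this sketch.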
Client Connection
To connect to the SSL VPN, you simply
use a browser to connect to the external
interface of your ASA 5505 via HTTPS!
The following pages will show you what
the SSL VPN looks like from a Mozilla
client.
Client Connection
You will need to accept certificates.
Questions / Comments