WebVPN on ASA part one: very basic config

I have one specific goal in this blog: to enable very basic WebVPN in order to access web portal. Coexistence with WebVPN and ASDM is a plus. So let’s crack our fingers…

  • Step one –  set up a SSL/TLS: because WebVPN depends on SSL/TLS, we will first set up some SSL/TLS parameters. These include which versions of SSL or TLS we will support and what encryption algorithms and hash functions we will allow. Please have in mind that parameters set here must be supported by the client browser. First, a SSL/TLS version and then an encryption:

 

image

Picture 1: setting SSL/TLS version

 

image

Picture 2: setting encryption and hashing algorithms

 

  • Step two – enabling WebVPN globally: by default WebVPN is disabled. Once enabled it listens  on port TCP/443. This can cause some issues. First, if a user browses http:// instead of https:// he or she will get an error. Second, there might be a conflict with ASDM which also uses TCP/443 by default. But first, let’s enable WebVPN:

image

Picture 3: enabling WebVPN

 

  • Step three – setting up redirection and ASDM: in this step we will redirect all users typing http:// instead of https:// to the right place. We will also set up an ASDM to use port TCP/4433 instead of TCP/443 so we don’t have a conflict. Users accessing an ASDM will go to https://x.y.z.w:4433.

image

Picture 4: tweaking a little bit

So, believe or not – that’s it. If we now go to http://x.y.z.w we will be redirected to https://x.y.z.w and have a certificate warning, which is normal at this stage. There is a workaround, but for now we receive this warning because the ASA uses a self-signed certificate for this SSL/TLS session.

 

image

 

Once we click “Continue to this website (not recommended)” we will see a default WebVPN portal page:

 

image

 

Ok, I would make a short break now and in the following blog we will actually authenticate and make use of this WebVPN portal.

Advertisements
This entry was posted in ASA, Cisco, VPN, WebVPN and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s