I have one specific goal in this blog: to enable very basic WebVPN in order to access a web portal. Coexistence of WebVPN and ASDM is a plus. So let’s crack our fingers…
- Step one – set up SSL/TLS: because WebVPN depends on SSL/TLS, we will first set up some SSL/TLS parameters. These include which versions of SSL or TLS we will support and which encryption algorithms and hash functions we will allow. Keep in mind that the parameters set here must be supported by the client browser. First the SSL/TLS version, then the encryption:
Picture 1: setting SSL/TLS version
Picture 2: setting encryption and hashing algorithms
- Step two – enabling WebVPN globally: by default WebVPN is disabled. Once enabled, it listens on port TCP/443. This can cause some issues. First, if a user browses to http:// instead of https://, he or she will get an error. Second, there might be a conflict with ASDM, which also uses TCP/443 by default. But first, let’s enable WebVPN:
Picture 3: enabling WebVPN
- Step three – setting up redirection and ASDM: in this step we will redirect all users typing http:// instead of https:// to the right place. We will also set up ASDM to use port TCP/4433 instead of TCP/443 so we don’t have a conflict. Users accessing ASDM will go to https://x.y.z.w:4433.
Picture 4: tweaking a little bit
So, believe it or not – that’s it. If we now go to http://x.y.z.w we will be redirected to https://x.y.z.w and get a certificate warning, which is normal at this stage. There is a workaround, but for now we receive this warning because the ASA uses a self-signed certificate for this SSL/TLS session.
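The three steps above can be checked from a saved running-config. The script below is an added example, not part of the original post: it assumes older ASA 8.x-style command syntax and an interface named `outside`, both sample configs are constructed, and the weak-protocol and weak-cipher lists are this example's own policy choice.

```python
import re

# Constructed ASA 8.x-style running-config excerpts. The interface name
# "outside" and the cipher choices are assumptions, not taken from the post.
CONFIG_DONE = """\
ssl server-version tlsv1-only
ssl encryption aes256-sha1 aes128-sha1
http server enable 4433
http redirect outside 80
webvpn
 enable outside
"""
CONFIG_STEP3_SKIPPED = """\
ssl server-version any
ssl encryption rc4-md5 aes128-sha1
http server enable
webvpn
 enable outside
"""

def audit(config):
    """Return sorted findings for the three setup steps in an ASA config."""
    findings = set()
    # Step 1: protocol versions and ciphers offered to browsers.
    m = re.search(r"^ssl server-version (\S+)", config, re.M)
    if m and m.group(1) in ("any", "sslv3", "sslv3-only"):
        findings.add("sslv3-allowed")
    m = re.search(r"^ssl encryption (.+)$", config, re.M)
    for cipher in (m.group(1).split() if m else []):
        if cipher.startswith(("rc4-", "des-", "null-")):
            findings.add("weak-cipher:" + cipher)
    # Step 2: interfaces where global WebVPN is enabled (TCP/443).
    webvpn_ifs, in_webvpn = [], False
    for line in config.splitlines():
        if line == "webvpn":
            in_webvpn = True
        elif in_webvpn and line.startswith(" "):
            words = line.split()
            if len(words) == 2 and words[0] == "enable":
                webvpn_ifs.append(words[1])
        else:
            in_webvpn = False
    # Step 3: ASDM must be off TCP/443, and http:// must be redirected.
    m = re.search(r"^http server enable(?: (\d+))?\s*$", config, re.M)
    if m and webvpn_ifs and int(m.group(1) or 443) == 443:
        findings.add("asdm-shares-443-with-webvpn")
    redirected = re.findall(r"^http redirect (\S+)", config, re.M)
    for ifname in webvpn_ifs:
        if ifname not in redirected:
            findings.add("no-http-redirect:" + ifname)
    return sorted(findings)
```

Calling `audit(CONFIG_DONE)` returns an empty list, while `audit(CONFIG_STEP3_SKIPPED)` reports the shared port, the missing redirect, and the weak SSL settings.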
Once we click “Continue to this website (not recommended)” we will see a default WebVPN portal page:
OK, I'll take a short break now, and in the next blog post we will actually authenticate and make use of this WebVPN portal.