Cisco ASA 5520 Adaptive Security Appliance Technical Manual

that use static port numbers. Post Office Protocol (POP3), Simple Mail Transfer Protocol (SMTP),
Internet Message Access Protocol (IMAP), secure shell (ssh), and Telnet are examples of secure
access. Because files on the local machine change, users must have local administrative privileges to
use this method. This method of SSL VPN does not work with applications that use dynamic port
assignments, such as some file transfer protocol (FTP) applications.
Refer to Thin-Client SSL VPN (WebVPN) on ASA with ASDM Configuration Example in order to
learn more about the Thin-Client SSL VPN.
Note: User Datagram Protocol (UDP) is not supported.
• SSL VPN Client (Tunnel Mode): Downloads a small client to the remote workstation and allows
full secure access to resources on an internal corporate network. You can download the SSL VPN
Client (SVC) to a remote workstation permanently, or you can remove the client once the secure
session is closed.
This document describes how to configure the SVC on an Adaptive Security Appliance (ASA) using the
Adaptive Security Device Manager (ASDM). The command lines that result from this configuration are listed
in the Results section.
Prerequisites
Requirements
Before you attempt this configuration, ensure that you meet these requirements:
• SVC is supported in Cisco Adaptive Security Appliance Software Version 7.1 and later
• Local administrative privileges on all remote workstations
• Java and ActiveX controls on the remote workstation
• Port 443 is not blocked anywhere along the connection path
Components Used
The information in this document is based on these software and hardware versions:
• Cisco Adaptive Security Appliance Software Version 7.2(1)
• Cisco Adaptive Security Device Manager 5.2(1)
• Cisco Adaptive Security Appliance 5510 series
• Microsoft Windows XP Professional SP 2
The information in this document was developed in a lab environment. All devices used in this document
were reset to their default configuration. If your network is live, make sure you understand the
potential impact of any command. All IP addresses used in this configuration were selected from RFC 1918
addresses in a lab environment; these IP addresses are not routable on the Internet and are for test purposes
only.
Network Diagram
This document uses the network configuration described in this section.
A remote user connects to the IP address of the ASA with an SSL-enabled Web browser. After successful
authentication, the SVC is downloaded to the client computer, and the user can use an encrypted secure
session for full access to all the permitted resources on the corporate network.