Cisco ASA 5510 Adaptive Security Appliance Technical Manual

Thin-Client SSL VPN (WebVPN) on ASA 7.x with ASDM Configuration Example
Document ID: 70632
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Network Diagram
      Conventions
 Background Information
 Thin-Client SSL VPN Configuration using ASDM
      Step 1. Enable WebVPN on the ASA
      Step 2. Configure Port Forwarding Characteristics
      Step 3. Create a Group Policy and Link it to the Port Forwarding List
      Step 4. Create a Tunnel Group and Link it to the Group Policy
      Step 5. Create a User and Add That User to the Group Policy
 Thin-Client SSL VPN Configuration using CLI
 Verify
      Procedure
      Commands
 Troubleshoot
      Is the SSL handshake process complete?
      Is the SSL VPN Thin-Client functional?
      Commands
 Related Information
Introduction
Thin-Client SSL VPN technology allows secure access for some applications that have static ports, such as
Telnet (23), SSH (22), POP3 (110), IMAP4 (143) and SMTP (25). You can use the Thin-Client SSL VPN as a
user-driven application, policy-driven application, or both. That is, you can configure access on a user-by-user
basis or you can create Group Policies in which you add one or more users.
• Clientless SSL VPN (WebVPN) - Provides a remote client that requires an SSL-enabled Web
browser to access HTTP or HTTPS Web servers on a corporate local-area network (LAN). In
addition, clientless SSL VPN provides access for Windows file browsing through the Common
Internet File System (CIFS) protocol. Outlook Web Access (OWA) is an example of HTTP access.
Refer to Clientless SSL VPN (WebVPN) on ASA Configuration Example in order to learn more
about the Clientless SSL VPN.
• Thin-Client SSL VPN (Port Forwarding) - Provides a remote client that downloads a small
Java-based applet and allows secure access for Transmission Control Protocol (TCP) applications
that use static port numbers. Post Office Protocol (POP3), Simple Mail Transfer Protocol (SMTP),
Internet Message Access Protocol (IMAP), Secure Shell (SSH), and Telnet are examples of secure
access. Because files on the local machine change, users must have local administrative privileges to
use this method. This method of SSL VPN does not work with applications that use dynamic port
assignments, such as some File Transfer Protocol (FTP) applications.