Configuring Clientless SSL VPN with Cisco ASA

Published by Keyboard Banger on

cisco-asa

In this lab we are going to configure a clientless SSL VPN using Cisco ASA firewall.

The topology layed out here is based on the suggested lab in the official Cisco training IINS.

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_10_41

We are going to build a clientless SSL VPN between Internet-PC and Site1 resources. We’ll configure the whole thing using the Clientless SSL VPN wizard on ASA.

First, from the ASDM software go to Wizards -> VPN Wizards -> Clientless SSL VPN Wizard.

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_15_52

The SSL VPN Wizard launches. Click Next:

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_16_04

Give a name to your Connection Profile:

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_19_42

Under SSL VPN Interface, choose the interface “outside”:configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_19_55

Leave the field Certificate to “None”. Notice that there is the possibility to use a self signed certificate. But I am not going to demonstrate it here.

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_20_03

Give an alias to your Connection Group then click Next:
configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 20_43_34At this point we must define some credentials. These are the ones ASA is going to check the inbound connection request against. Similar to the authentication we configured in the past on Kali Linux, we can leverage AAA. But for the simplicity of this tutorial we will use local credentials:configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_21_23

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_21_49

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_21_59

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_22_12

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_22_22

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_22_31

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_35_11

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_36_01

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_36_09

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 18_36_22

Verification steps:

Edit the etc/hosts file to add the hostname resolution between the SSL VPN terminating interface (the ASA outside interface) and the domain name “vpn.site1.public”

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 20_59_38

We enter the full URL, not only the domain name. This way the security appliance will automatically select the associated Connection Profile.

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 21_03_17

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 21_05_10

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 21_05_24

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 21_05_53

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 21_07_45

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 21_08_19

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 22_10_48

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 22_13_24

configuring-clientless-ssl-vpn-cisco-asa-2017-07-30 22_13_35

Categories: CCNA Security

Keyboard Banger

Keyboard Banger is a network engineer from Africa. He has been working in network support and administration since 2008. He started writing study notes about certification exams and technology topics a couple of years ago. When he's not writing articles, he can be found wandering on technical forums.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *