Configuring Clientless SSL VPN with Cisco ASA
In this lab we are going to configure a clientless SSL VPN using Cisco ASA firewall.
The topology layed out here is based on the suggested lab in the official Cisco training IINS.
We are going to build a clientless SSL VPN between Internet-PC and Site1 resources. We’ll configure the whole thing using the Clientless SSL VPN wizard on ASA.
First, from the ASDM software go to Wizards -> VPN Wizards -> Clientless SSL VPN Wizard.
The SSL VPN Wizard launches. Click Next:
Give a name to your Connection Profile:
Under SSL VPN Interface, choose the interface “outside”:
Leave the field Certificate to “None”. Notice that there is the possibility to use a self signed certificate. But I am not going to demonstrate it here.
Give an alias to your Connection Group then click Next:
At this point we must define some credentials. These are the ones ASA is going to check the inbound connection request against. Similar to the authentication we configured in the past on Kali Linux, we can leverage AAA. But for the simplicity of this tutorial we will use local credentials:
Edit the etc/hosts file to add the hostname resolution between the SSL VPN terminating interface (the ASA outside interface) and the domain name “vpn.site1.public”
We enter the full URL, not only the domain name. This way the security appliance will automatically select the associated Connection Profile.