Once you accept the risk you will get the following login page.Įnter in the username and password in my case Homer. Click on I Understand the Risks to continue. Looks good because this is a self signed certificate from the ASA the Firefox brower gives you a warning not to trust the site. In the address bar enter the URL configured earlier which is: Now using the built-in Firefox browser on the Linux PC it is time to test the Clientless SSL VPN and see if we can connect to the Corp LAN. It is always good practice to test the connectivity, open a Terminal Window in the Linux PC and ping the Gateway at 200.0.0.1. Set the IP address and the Gateway and click on A pply To configure an IP address on the Linux PC click on Control Panel > Network Next configure the Tin圜ore Linux PC with an IP address in the same range as Gi0/1 I’ll use 200.0.0.2 and set the default gateway to 200.0.0.1. I’ll have to give Gi0/1 an IP address (200.0.0.1/24) and also a default route to send all traffic to the ASA using the command “ip route 0.0.0.0 0.0.0.0 136.1.47.1” as shown below. With the ASA configured the next step is to configure R4 in my topology. That is it, you’ll get a summary page click on Finish to send the config to the ASA. I don’t have an email server in my lab but the bookmark will appear once I connect to the Clientless SSL VPN (hopefully). You need to configure the IP address of the EMAIL server. Here you give the bookmark a name like EMAIL. In the next step you can configure a list of bookmarks that the Remote users will be able to click on to access resources on the Corp LAN. Here I’ve setup a new policy called Remote_Users, this policy will inherit the DfltGrpPolicy attributes which I can change later if I need to. The next step is to setup a group policy or select an existing policy. Select Authenticate using the local user database and add a new user, here I’m adding Homer once added click on Next The next step is to configure User Authentication you’ll have the choice to use an AAA server (which I dont have) or the Local User DB which I’ve selected. I’ve also given the Connection an Alias of SSL. I don’t have my own digital certificate so I’m leaving the Certificate set to None, because of this the ASA will provide a self signed certificate. Here you need to give your Clientless SSL VPN a Connection Profile Name I’ve named this one SSL_Remote_Access and I’ve also selected the Interface that the SSL VPN will connect in on which is the Outside Interface (Internet). The Clientless SSL VPN Wizard window will pop up, click on Next. Click on Wizards > VPN Wizards > Clientless SSL VPN Wizard… When you log into the ASDM GUI you’ll get the main screen above. I’ll also be using R4 and the Remote Worker PC which is running a Tin圜ore Linux to test the Clientless SSL VPN.Ĭonfigure the Clientless SSL VPN on the ASAv via the ASDM GUI The nodes I’m using will be the ASA with the ASDM connected via the cloud from my local PC, if you want to know how to set the ASA up with access via the ASDM check out one of my other posts: How-To: ASA in GNS3 with ASDM In this post I’m going to setup a Clientless SSL VPN via the ASDM GUI and then connect to it via the Tin圜ore Linux PC all from GNS3.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |