https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667399#M535153 <P>Hello,</P><P></P><P>I am very new to webvpn and digital certificates. I have to configure a cisco webvpn solution using digital certificates (for now its self signed). I also need to publish an internal url to the ssl vpn. They have an acive directory server for authentication purposes and the protocol to be used in LDAP. I would need to provide java rdp access to that url. </P><P></P><P>Can some one point me to the right direction on how I should be starting to work on this solution. I have seen a few configuration examples on Cisco site but some are there without digital certs and some are there with them. I am just a bit confused on which to follow.</P><P></P><P>Your help will be very much appreciated</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:03:04 GMT sidcracker 2019-03-11T21:03:04Z https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667399#M535153 <P>Hello,</P><P></P><P>I am very new to webvpn and digital certificates. I have to configure a cisco webvpn solution using digital certificates (for now its self signed). I also need to publish an internal url to the ssl vpn. They have an acive directory server for authentication purposes and the protocol to be used in LDAP. I would need to provide java rdp access to that url. </P><P></P><P>Can some one point me to the right direction on how I should be starting to work on this solution. I have seen a few configuration examples on Cisco site but some are there without digital certs and some are there with them. I am just a bit confused on which to follow.</P><P></P><P>Your help will be very much appreciated</P><P></P><P>Thanks</P> Mon, 11 Mar 2019 21:03:04 GMT https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667399#M535153 sidcracker 2019-03-11T21:03:04Z https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667400#M535158 <HTML><HEAD></HEAD><BODY><P> When we are defining specific urls to be accessed on the corporate site, should the following process be folowed?</P><P></P><P>1. Defining the webvpn functions under group policy eg. </P><P></P><P>group-policy GroupPolicy1 internal</P><P>group-policy GroupPolicy1 attributes</P><P>vpn-tunnel-protocol IPSec l2tp-ipsec webvpn</P><P>webvpn</P><P>&nbsp; functions url-entry file-access file-entry file-browsing mapi port-forward filter </P><P>&nbsp;&nbsp; http-proxy auto-download citrix</P><P></P><P>2. Configuring the group policy on the tunnel group eg.</P><P></P><P>tunnel-group DefaultWEBVPNGroup general-attributes</P><P>default-group-policy GroupPolicy1</P><P></P><P>3. Configuring the URL list on which resources to be accessible eg.</P><P></P><P>webvpn</P><P>enable outside</P><P>url-list ServerList "WSHAWLAP" cifs://10.2.2.2 1</P><P><SPAN>url-list ServerList "FOCUS_SRV_1" </SPAN><A class="jive-link-external-small" href="https://10.2.2.3">https://10.2.2.3</A><SPAN> 2</SPAN></P><P><SPAN>url-list ServerList "FOCUS_SRV_2" </SPAN><A class="jive-link-external-small" href="http://10.2.2.4">http://10.2.2.4</A><SPAN> 3</SPAN></P><P></P><P></P><P>--------------------------------------------------------------------------------------------------------------------------------------------------------------------------</P><P></P><P>Questions</P><P></P><P>1. How do I configure active directory authentication on the ASA. The users should be authenticated by AD before accessing the resources</P><P></P><P>2. What is the purpose of the digital certificate and how do i configure it for webvpn to use it?</P><P></P><P>Thanks</P></BODY></HTML> Mon, 25 Jul 2011 02:37:15 GMT https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667400#M535158 sidcracker 2011-07-25T02:37:15Z https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667401#M535160 <HTML><HEAD></HEAD><BODY><P> COuld someone tell me if this is the way to authenticate LDAP with ASA. Will this take Active Directory authentication</P><P></P><P>ciscoasa(config)#aaa-server LDAP_SRV_GRP protocol ldap</P><P></P><P><EM><BR /><SPAN style="color: #0000ff;">!--- Configure the AAA Server.</SPAN><BR /></EM></P><P></P><P>ciscoasa(config-aaa-server-group)#aaa-server LDAP_SRV_GRP (inside) </P><P>&nbsp;&nbsp; host 192.168.1.2</P><P>ciscoasa(config-aaa-server-host)#ldap-base-dn dc=ftwsecurity, dc=cisco, dc=com</P><P>ciscoasa(config-aaa-server-host)#ldap-login-dn cn=admin, cn=users, dc=ftwsecurity, dc=cisco, dc=com</P><P>ciscoasa(config-aaa-server-host)#ldap-login-password **********</P><P>ciscoasa(config-aaa-server-host)#ldap-naming-attribute sAMAccountName</P><P>ciscoasa(config-aaa-server-host)#ldap-scope subtree</P><P>ciscoasa(config-aaa-server-host)#server-type microsoft</P><P>ciscoasa(config-aaa-server-host)#exit</P><P></P><P><EM><BR /><SPAN style="color: #0000ff;">!--- Configure the tunnel group to use the new AAA setup.</SPAN><BR /></EM></P><P></P><P>ciscoasa(config)#tunnel-group ExampleGroup2 general-att</P><P>ciscoasa(config-tunnel-general)#authentication-server-group LDAP_SRV_GRP<SPAN id="mce_marker"> </SPAN></P><P>ciscoasa(config)#aaa-server LDAP_SRV_GRP protocol ldap</P><P></P><P><EM><BR /><SPAN style="color: #0000ff;">!--- Configure the AAA Server.</SPAN><BR /></EM></P><P>ciscoasa(config-aaa-server-group)#aaa-server LDAP_SRV_GRP (inside) </P><P>&nbsp;&nbsp; host 192.168.1.2</P><P>ciscoasa(config-aaa-server-host)#ldap-base-dn dc=ftwsecurity, dc=cisco, dc=com</P><P>ciscoasa(config-aaa-server-host)#ldap-login-dn cn=admin, cn=users, dc=ftwsecurity, dc=cisco, dc=com</P><P>ciscoasa(config-aaa-server-host)#ldap-login-password **********</P><P>ciscoasa(config-aaa-server-host)#ldap-naming-attribute sAMAccountName</P><P>ciscoasa(config-aaa-server-host)#ldap-scope subtree</P><P>ciscoasa(config-aaa-server-host)#server-type microsoft</P><P>ciscoasa(config-aaa-server-host)#exit</P><P></P><P><EM><BR /><SPAN style="color: #0000ff;">!--- Configure the tunnel group to use the new AAA setup.</SPAN><BR /></EM></P><P>ciscoasa(config)#tunnel-group ExampleGroup2 general-att</P><P>ciscoasa(config-tunnel-general)#authentication-server-group LDAP_SRV_GRP</P><P></P><P></P><P>Thanks</P></BODY></HTML> Mon, 25 Jul 2011 02:43:27 GMT https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667401#M535160 sidcracker 2011-07-25T02:43:27Z https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667402#M535165 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>I am sorry that you are not getting prompt replies, please feel free to post this question on the VPN section of the support forums, they are the experts and I am very sure they will be able to help you quicker on this issue. </P><P></P><P>I did a quick research and this document may help you. </P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml</A></P><P></P><P>Mike </P></BODY></HTML> Mon, 25 Jul 2011 03:25:02 GMT https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667402#M535165 Maykol Rojas 2011-07-25T03:25:02Z https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667403#M535170 <HTML><HEAD></HEAD><BODY><P> Thanks Maykol.</P><P></P><P>I will post the solution in the VPN forum</P></BODY></HTML> Mon, 25 Jul 2011 03:33:25 GMT https://community.cisco.com/t5/network-security/cisco-webvpn-with-digital-certificates/m-p/1667403#M535170 sidcracker 2011-07-25T03:33:25Z