11-21-2013 08:51 AM - edited 03-11-2019 08:08 PM
Hello !!
I m posting this subject seeking support, well i have been trying to set up a clientless vpn connection on my ASA 5510, but every time i apply the configuration and try it, it's not working and i can't figure out the reason , i have been using GNS3 for a 5520 ASA and i could set up the Clientless VPN but on the live production FW which is a 5510 i always get an error page saying the requested url was not found, in addition that when typing the URL i get redirected to other sub folder, for exemple when going to https://X.X.X.X/webpn i will go under https://X.X.X.X/admin/webvpn,
I m using ASDM to set up the config but in this case i will print the command brief for the config i have done using ASDM alose but i want to mention that i didn't check the outside interface for this time to allow connection profile coming from the outside, i usually do this but i maybe forgot this time, any way it didn't work for me in both cases,
I want to mention one last thing before the config, i changed the https acces port from 443 to 60443 for security but i also tried accessing https:/:X.X.X.X:60443/webvpn with the same error page
username jneji password 39oh91mbAyDw0FqP encrypted privilege 2
username jneji attributes
service-type remote-access
group-lock value WebVPN-Connection-Profile
webvpn
hidden-shares none
file-entry enable
file-browsing enable
url-entry enable
username jneji attributes
vpn-group-policy WebVPNPolicy
group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-tunnel-protocol webvpn
banner none
banner value Hello World !!
tunnel-group WebVPN-Connection-Profile type remote-access
tunnel-group WebVPN-Connection-Profile general-attributes
default-group-policy WebVPNPolicy
tunnel-group WebVPN-Connection-Profile webvpn-attributes
group-alias WebVPN enable
group-url https://X.X.X.X/webvpn enable
I did ceated the group policy first, the connection profile and finaly the user and linked them all together,
feel free to ask any question
Thanks in advance.
Cordially
11-24-2013 09:13 AM
You do not have the following configuration in your output...add this and test again.
webvpn
enable outside
--
Please rate all helpful posts.
11-24-2013 09:15 AM
where outside is the name of the interface that you want the VPN to terminate on.
--
Please rate all helpful posts
11-24-2013 04:53 PM
Hello
I have adjusted the config as you suggested
webvpn
enable outside
username JNEJI password XXkekkYMLpfun3!9ujxtYWy4RS4PzH9eZgf encrypted privilege 2
username JNEJI attributes
service-type remote-access
group-lock value WebVPN-Connection-Profile
vpn-group-policy WebVPN-Policy
group-policy WebVPN-Policy internal
group-policy WebVPN-Policy attributes
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-tunnel-protocol webvpn
webvpn
hidden-shares none
file-entry enable
file-browsing enable
url-entry enable
group-policy WebVPN-Policy attributes
banner none
banner value THIS IS A PRIVATE NETWORK SYSTEM !!!
tunnel-group WebVPN-Connection-Profile type remote-access
tunnel-group WebVPN-Connection-Profile general-attributes
default-group-policy WebVPN-Policy
tunnel-group WebVPN-Connection-Profile webvpn-attributes
group-alias WebVPN enable
group-url https://X.X.X.X/webvpn enable
But its not working,
BTW i have found a static nat rule saying to rediredt all traffic comming on HTTPS port to an old web server IP and i deleted it, but still dont work
Here the image of the error attached
11-24-2013 11:48 PM
Do you get to the login screen or do you get the 404 error right away?
11-24-2013 11:55 PM
I think this is your issue
group-url https://X.X.X.X/webvpn enable
You have specified a group-policy that is not configured. Change it to the following and test.
group-url https://X.X.X.X/WebVPN-Policy enable
--
Please rate all helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide