07-24-2011 07:12 PM - edited 03-11-2019 02:03 PM
Hello,
I am very new to WebVPN and digital certificates. I have to configure a Cisco WebVPN solution using digital certificates (for now it's self-signed). I also need to publish an internal URL to the SSL VPN. They have an Active Directory server for authentication purposes and the protocol to be used is LDAP. I would need to provide Java RDP access to that URL.
Can someone point me in the right direction on how I should start working on this solution? I have seen a few configuration examples on the Cisco site, but some are there without digital certs and some are there with them. I am just a bit confused about which to follow.
Your help will be very much appreciated.
Thanks
07-24-2011 07:37 PM
When we are defining specific URLs to be accessed on the corporate site, should the following process be followed?
1. Defining the WebVPN functions under the group policy, e.g.
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
webvpn
functions url-entry file-access file-entry file-browsing mapi port-forward filter http-proxy auto-download citrix
2. Configuring the group policy on the tunnel group, e.g.
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy GroupPolicy1
3. Configuring the URL list of which resources are to be accessible, e.g.
webvpn
enable outside
url-list ServerList "WSHAWLAP" cifs://10.2.2.2 1
url-list ServerList "FOCUS_SRV_1" https://10.2.2.3 2
url-list ServerList "FOCUS_SRV_2" http://10.2.2.4 3
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Questions
1. How do I configure Active Directory authentication on the ASA? The users should be authenticated by AD before accessing the resources.
2. What is the purpose of the digital certificate and how do I configure it for WebVPN to use it?
Thanks
07-24-2011 07:43 PM
Could someone tell me if this is the way to authenticate LDAP with the ASA? Will this take Active Directory authentication?
ciscoasa(config)#aaa-server LDAP_SRV_GRP protocol ldap
!--- Configure the AAA Server.
ciscoasa(config-aaa-server-group)#aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
ciscoasa(config-aaa-server-host)#ldap-base-dn dc=ftwsecurity, dc=cisco, dc=com
ciscoasa(config-aaa-server-host)#ldap-login-dn cn=admin, cn=users, dc=ftwsecurity, dc=cisco, dc=com
ciscoasa(config-aaa-server-host)#ldap-login-password **********
ciscoasa(config-aaa-server-host)#ldap-naming-attribute sAMAccountName
ciscoasa(config-aaa-server-host)#ldap-scope subtree
ciscoasa(config-aaa-server-host)#server-type microsoft
ciscoasa(config-aaa-server-host)#exit
!--- Configure the tunnel group to use the new AAA setup.
ciscoasa(config)#tunnel-group ExampleGroup2 general-att
ciscoasa(config-tunnel-general)#authentication-server-group LDAP_SRV_GRP
Thanks
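An added example, not written by any participant in this thread: a small Python check run over the commands quoted in the two posts above. It shows that the LDAP server group is attached to ExampleGroup2 while the WebVPN setup uses DefaultWEBVPNGroup, and that the LDAP host has no `ldap-over-ssl enable`. The function names `parse` and `audit` are hypothetical, and the check assumes the ASA default of LOCAL authentication when a tunnel group names no server group.

```python
import re

# Constructed sample: commands taken from the two posts above, prompts included.
SAMPLE = """\
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy GroupPolicy1
webvpn
enable outside
ciscoasa(config)#aaa-server LDAP_SRV_GRP protocol ldap
!--- Configure the AAA Server.
ciscoasa(config-aaa-server-group)#aaa-server LDAP_SRV_GRP (inside) host 192.168.1.2
ciscoasa(config-aaa-server-host)#ldap-scope subtree
ciscoasa(config-aaa-server-host)#server-type microsoft
ciscoasa(config-aaa-server-host)#exit
ciscoasa(config)#tunnel-group ExampleGroup2 general-att
ciscoasa(config-tunnel-general)#authentication-server-group LDAP_SRV_GRP
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")      # strips "ciscoasa(config-...)#"
TOP_LEVEL = ("aaa-server ", "group-policy ", "webvpn", "exit")

def parse(text):
    """Map each tunnel group and each LDAP host to the sub-commands under it."""
    groups, hosts, current = {}, {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue                                  # blank line or "!---" comment
        tg = re.match(r"tunnel-group (\S+) general-att", line)
        srv = re.match(r"aaa-server (\S+) \(\S+\) host (\S+)", line)
        if tg:
            current = groups.setdefault(tg.group(1), [])
        elif srv:
            current = hosts.setdefault(f"{srv.group(1)} host {srv.group(2)}", [])
        elif line.startswith(TOP_LEVEL):
            current = None                            # left the sub-mode
        elif current is not None:
            current.append(line)
    return groups, hosts

def audit(text):
    """Return findings: groups with no LDAP server group, hosts without SSL."""
    groups, hosts = parse(text)
    findings = [f"tunnel-group {g}: no authentication-server-group (ASA default is LOCAL)"
                for g, cmds in groups.items()
                if not any(c.startswith("authentication-server-group ") for c in cmds)]
    findings += [f"aaa-server {h}: no 'ldap-over-ssl enable', LDAP is not wrapped in SSL"
                 for h, cmds in hosts.items() if "ldap-over-ssl enable" not in cmds]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```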
07-24-2011 08:25 PM
Hi,
I am sorry that you are not getting prompt replies. Please feel free to post this question in the VPN section of the support forums; they are the experts and I am very sure they will be able to help you quicker on this issue.
I did some quick research and this document may help you:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808b3cff.shtml
Mike
07-24-2011 08:33 PM
Thanks Maykol.
I will post the solution in the VPN forum.