cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
545
Views
0
Helpful
1
Replies
rroulhac
Cisco Employee

AnyConnect 4.x & SharePoint + Outlook WebAccess

All,

A Few questions around ANyCOnnect 4.x.

1. Do we currently support accessing SharePoint via AnyConnet Clientless SSL VPN through the ASA?

2. I know that we support Outlook Web Access, the question is can we limit what a user is able to do once they open the outlook web application via the VPN profile?

Thanks for the assistance.

--

Grace and Peace,

Robert E Roulhac Jr

1 ACCEPTED SOLUTION

Accepted Solutions
pcarco
Cisco Employee

Hello,

AnyConnect and Clientless (WebVPN) are two very different solutions.

AnyConnect is a full tunnel so SharePoint will of course work just as if you were local on the network.

We do have SharePoint 2013 support for Clientless (Webvpn) it is defined as a bookmark on the portal the user access with only their browser.  CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.7 - Clientless SSL VPN Overview [Cisco ASA 5500-X Series F…

Clientless SSL VPN SharePoint 2013 Support (last updated in ASA 9.5.1 )

Added support and a predefined application template for this new SharePoint version.

We modified the following screen: Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Bookmarks > Add Bookmark List > Select Bookmark Type > Predefined application templates

Cisco ASA New Features by Release - Cisco

Clientless SSL VPN provides secure and easy access to a broad range of web resources and both web-enabled and legacy applications from almost any computer that can reach Hypertext Transfer Protocol Internet (HTTP) sites. This includes:

  • Internal websites
  • Microsoft SharePoint 2003, 2007, and 2010 (2013 as mentioned above)
  • Microsoft Outlook Web Access 2003, 2007, and 2013
  • Microsoft Outlook Web App 2010
  • Domino Web Access (DWA) 8.5 and 8.5.1
  • Citrix Metaframe Presentation Server 4.x
  • Citrix XenApp Version 5 to 6.5
  • Citrix XenDesktop Version 5 to 5.6, and 7.5
  • VMware View 4

A list of supported software can be found in Supported VPN Platforms, Cisco ASA 5500 Series.

Configure Clientless SSL VPN (WebVPN) on the ASA - Cisco

In regards to Question 2 .  What are you tryint to restrict ?

CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.7 - Advanced Clientless SSL VPN Configuration [Cisco ASA 55…

You could use a webacl to restrict access ie, launch another page

Webtype ACLs are used for filtering clientless SSL VPN traffic, constraining user access to specific networks, subnets, hosts, and Web servers. If you do not define a filter, all connections are allowed. A webtype ACL is represented as a named container of ACEs. To create a new ACL, you must first create the container. Then, you can add ACEs, edit existing ACEs, and reorder the ACEs using the Web ACL table. The table appears as the ACL Manager when you configure webtype ACLs while configuring the policies that use them, in which case the procedures are the same except for how you get to the window. 

The webtype ACL can include a mix of IPv4 and IPv6 addresses in addition to URL specifications

nandakum

Best regards,

Paul

AC TME

View solution in original post

1 REPLY 1
pcarco
Cisco Employee

Hello,

AnyConnect and Clientless (WebVPN) are two very different solutions.

AnyConnect is a full tunnel so SharePoint will of course work just as if you were local on the network.

We do have SharePoint 2013 support for Clientless (Webvpn) it is defined as a bookmark on the portal the user access with only their browser.  CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.7 - Clientless SSL VPN Overview [Cisco ASA 5500-X Series F…

Clientless SSL VPN SharePoint 2013 Support (last updated in ASA 9.5.1 )

Added support and a predefined application template for this new SharePoint version.

We modified the following screen: Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Bookmarks > Add Bookmark List > Select Bookmark Type > Predefined application templates

Cisco ASA New Features by Release - Cisco

Clientless SSL VPN provides secure and easy access to a broad range of web resources and both web-enabled and legacy applications from almost any computer that can reach Hypertext Transfer Protocol Internet (HTTP) sites. This includes:

  • Internal websites
  • Microsoft SharePoint 2003, 2007, and 2010 (2013 as mentioned above)
  • Microsoft Outlook Web Access 2003, 2007, and 2013
  • Microsoft Outlook Web App 2010
  • Domino Web Access (DWA) 8.5 and 8.5.1
  • Citrix Metaframe Presentation Server 4.x
  • Citrix XenApp Version 5 to 6.5
  • Citrix XenDesktop Version 5 to 5.6, and 7.5
  • VMware View 4

A list of supported software can be found in Supported VPN Platforms, Cisco ASA 5500 Series.

Configure Clientless SSL VPN (WebVPN) on the ASA - Cisco

In regards to Question 2 .  What are you tryint to restrict ?

CLI Book 3: Cisco ASA Series VPN CLI Configuration Guide, 9.7 - Advanced Clientless SSL VPN Configuration [Cisco ASA 55…

You could use a webacl to restrict access ie, launch another page

Webtype ACLs are used for filtering clientless SSL VPN traffic, constraining user access to specific networks, subnets, hosts, and Web servers. If you do not define a filter, all connections are allowed. A webtype ACL is represented as a named container of ACEs. To create a new ACL, you must first create the container. Then, you can add ACEs, edit existing ACEs, and reorder the ACEs using the Web ACL table. The table appears as the ACL Manager when you configure webtype ACLs while configuring the policies that use them, in which case the procedures are the same except for how you get to the window. 

The webtype ACL can include a mix of IPv4 and IPv6 addresses in addition to URL specifications

nandakum

Best regards,

Paul

AC TME

View solution in original post

Content for Community-Ad