07-24-2012 03:49 AM
I would like to know if a Cisco ASA or IOS router can be a client of SSL VPN? Thanks.
07-24-2012 06:39 AM
Hi Hui,
Yes. Of course, at the client end all you need is to allow only the specific ports for connecting with the VPN server. In the case of SSL you need to allow the specific ports like 443 in the client-end firewall or router specific to the VPN peer. That will work.
Please do rate if the given information helps.
By
Karthik
07-24-2012 11:16 AM
Thanks Karthik,
Your answer really encourages me.
For my understanding, to be a client of SSL VPN, it has to initiate the SSL VPN session and point to the SSL VPN server. Could you please let me know how to input these commands into the ASA?
Best Regards,
Hui
07-24-2012 01:17 PM
You can use the ASDM and there is a wizard for all kind of VPNs.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
Regards,
Jose Luis B.
Don't forget to rate if the help was useful to you.
Please do rate if the given information helps.
07-24-2012 11:43 PM
Hi Hui,
Yes. You can just allow port 443 (HTTPS) in your ASA/router towards the SSL VPN server. That will make it work.
Just a simple ACL like the one below:
access-list insidetooutside extended permit tcp
Please do rate if the given information helps.
By
Karthik
07-24-2012 11:54 PM
Hui,
Are you asking if you can set up a site-to-site tunnel using SSL? I don't think you can, since you can't set the IOS device as an SSL client. I think there may be some confusion because your question seems to be asking if the router and the ASA can have a client-to-server SSL VPN relationship. If that is your question then no, for site-to-site tunnels SSL is not a method you can use, or at least I haven't heard of one.
thanks,
Tarik Admani
*Please rate helpful posts*
07-25-2012 05:57 AM
Thanks Tarik,
That's my question. I'd like to know if the ASA can be the client of an SSL VPN, to terminate the SSL VPN and decrypt the traffic, and then the ASA can route it again. The same function as site-to-site VPN. But for SSL I would have to call it client-to-server SSL VPN (it can only initiate the session from the client). Even for IOS routers, I could not find any model that supports this function -- being a client of SSL VPN.
07-25-2012 06:04 AM
Hi Karthik,
Thanks for your reply.
It's good to allow the SSL traffic to come in from TCP 443, but the SSL VPN server could not initiate the SSL session. I think as a client of SSL VPN, the ASA needs to be configured with commands which point to the server.
Hui
07-25-2012 10:07 AM
Dear Hui,
I am sorry but I am afraid to disagree with the previous posts.
Neither the Router or the ASA can act as SSL clients, they can be servers for SSL connections such as AnyConnect and WebVPN, but not clients.
Am I getting your question wrong?
Let me know.
Thanks.
Please rate if you find it helpful.
07-25-2012 10:21 AM
Hi Javier,
Thanks for your timely reply. You answered my question with "Neither the Router or the ASA can act as SSL clients".
If the ASA or IOS router could act as an SSL client, that would be helpful, like IPSec EZVPN, where routers can play the role of client.
Hui
07-25-2012 10:26 AM
I am glad to hear that.
Indeed the ASA5505 and Cisco Routers can be EzVPN clients.
Please mark this question as answered if you do not have any further questions.
Let me know.
Rate any post you find helpful.
07-25-2012 10:30 PM
Hi Hui,
Kindly accept my regrets if my earlier posts were wrong. I totally misunderstood your query.
By
Karthik
07-26-2012 05:48 AM
Hi Karthik,
I give you five stars
Have a good one!