Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
1
Replies

Cisco ASA Clientless SSL VPN Apply Tunnel Group

a.mirkhan562345
Level 1
Level 1

‎11-22-2021 12:52 AM

I'm trying to implement the answer from a previous question I've asked (Cisco ASA Clientless SSL VPN Restrict Network Access)

My ultimate aim is to set up an SSL VPN on a Cisco ASA device to allow access to a specific DMZ area for clients of an imaginary company (uni project).

I've added the below lines to the config but I'm stuck with how to "apply" or "enable" this tunnel group separately from the default webvpn enabled in the first lines. Do I apply it to the outside interface somehow, or is it something to do with the IP Address/URL that the user uses to access the service?

webvpn
enable outside
exit

access-list CLIENT-VPN-LIST extended permit tcp object net-outside object net-dmz-client-server eq 3389
access-list CLIENT-VPN-LIST extended deny ip any any

group-policy CLIENT-VPN-POLICY internal
group-policy CLIENT-VPN-POLICY attributes
vpn-filter value CLIENT-VPN-LIST

tunnel-group CLIENT-VPN-GROUP type webvpn
tunnel-group CLIENT-VPN-GROUP general-attributes
authorization-required
default-group-policy CLIENT-VPN-POLICY

Edited to remove various outputs requested to help me get things correct that will only make this question confusing.

OLANSIAR
Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎11-22-2021 05:31 AM

Hi @a.mirkhan562345 there are a couple of different ways to do this.

 

You could either use a group-url or group-alias and get the users to select which tunnel group to connect to. Examples of both:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html

 

0 Helpful
Customers Also Viewed These Support Documents