09-07-2006 06:22 PM
Hi Forum,
I am trying to setup the webvpn on my ASA5510 7.0. I can see the welcome screen when i try to connect to the ASA but nothing beyond that. What could have I done wrong, Is there any sample configurations I can follow? How do I configure the port redirection if I want to remotely telnet to the router?
Append is my config:
thanks much,
ip local pool webvpnpool 192.168.70.30-192.168.70.254 mask 255.255.255.0
url-list KSOWebsite "KSO E-solutions" http://172.16.160.29/default.htm
url-list KSOWebsite "Komag Email Access" https://mail.komag.com.my
url-list KSO-Servers "KSVR09" cifs://172.16.160.27
url-list KSO-Servers "KSVR07" cifs://172.16.160.29
aaa-server kso-radius protocol radius
aaa-server kso-radius host 172.16.160.29
webvpn
group-policy KSOwebvpngrp internal
group-policy KSOwebvpngrp attributes
vpn-tunnel-protocol IPSec webvpn
webvpn
functions url-entry file-access file-entry file-browsing mapi port-forward
tunnel-group KSOwebvpntunnelgrp type ipsec-ra
tunnel-group KSOwebvpntunnelgrp general-attributes
address-pool webvpnpool
authentication-server-group kso-radius
accounting-server-group kso-radius
default-group-policy KSOwebvpngrp
webvpn
enable outside
nbns-server 172.16.160.31 master timeout 2 retry 2
nbns-server 172.16.160.33 timeout 2 retry 2
accounting-server-group kso-radius
authentication-server-group kso-radius
imap4s
enable outside
server 172.16.160.33
authentication-server-group kso-radius
accounting-server-group kso-radius
default-group-policy KSOwebvpngrp
authentication aaa
pop3s
enable outside
server 172.16.160.33
authentication-server-group kso-radius
accounting-server-group kso-radius
default-group-policy KSOwebvpngrp
authentication aaa
smtps
enable outside
server 172.16.160.33
authentication-server-group kso-radius
accounting-server-group kso-radius
default-group-policy KSOwebvpngrp
09-07-2006 09:35 PM
Hi .. make sure you disable ASDM access to the outside interface of teh ASA ..
The below link provides instruction that you need to follow .
I hop eit helps .. please rate it if it does !!!
09-07-2006 11:20 PM
Hi Fernando,
Thanks for your reply. I have already disable the ASDM on the external interface. however, i have no right to access the link, is there any other link that you can provide for me?
thanks,
09-08-2006 07:10 PM
Paul,
The link posted by Fernando is accessible only if you have cisco partner access.
You should have access to the below link, which is the same as the one posted by Fernando.
http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/webvpn.htm
Regards,
Arul
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide