06-01-2022 07:55 AM
HI,
we currently have a remote access VPN for our 3rd parties which is client less and perhaps due to missconfiguration it also installs client on their mahcine (whihc never gets used), here is the current cofnig:
"show vpn-sessiondb anyconnect " shows the following:
Protocol : IKEv2 IPsecOverNatT Clientless
License : AnyConnect Premium
Encryption : IKEv2: (1)AES256 IPsecOverNatT: (1)AES256 Clientless: (1)AES-GCM-256
Hashing : IKEv2: (1)SHA1 IPsecOverNatT: (1)SHA1 Clientless: (1)SHA384
Bytes Tx : 1280101 Bytes Rx : 218580
Group Policy : abc1234 Tunnel Group : DefaultWEBVPNGroup
the group policy used shows the following:
show running-config group-policy DfltGrpPolicy
group-policy DfltGrpPolicy attributes
vpn-simultaneous-logins 1
vpn-idle-timeout 60
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client
also, "show vpn-sessiondb webvpn" shows no client connected.
but since Cisco, doesnt support any other browser and IE is obsolete now, what are our best options? if move to a client based, how would we deliver the vpn profile? and what changes would we need to make to our configuration?
I look forward to hearing from you.
regards,
ali
06-01-2022 08:19 AM
check clientless SSL VPNs
https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html
06-01-2022 08:21 AM
what model of ASA and what code running. (we generally use Any connect )
i do remember other browsers supported, have you tried any other browser, (most browsers latest one do not support legacy SSL/TLS, so you need to upgrade version of code also)
https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html
06-01-2022 08:30 AM
@ali007 clientless VPN is depreciated from ASA 9.17, so your option is to utilise AnyConnect client.
Use SSL Client instead of IKEv2/IPSec then you do not need to provision an XML configuration profile, the contractors can just connect to the tunnel-group alias/url.
06-03-2022 01:45 AM
Thanks @Rob Ingram
06-03-2022 01:49 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide