10-20-2008 09:53 PM
Hi,
We are in the process of setting up the new infrastructure with a 5520 series FW, with VPN for our customers.
1. Can I configure the SSL VPN and client-based VPN on the same FW? If yes, how?
2. After connecting to the SSL VPN (https), is it possible to open my application using http://example.com?
Please respond ASAP, it is very important for me.
10-21-2008 01:57 AM
To answer your questions:-
1) Yes - see the attached link for ALL config examples:-
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
2) Yes - you would have to config "bookmarks" for the specific service/application
HTH
10-21-2008 02:04 AM
Thx, I will try and let you know.
10-21-2008 09:36 PM
Hi,
With the help of your link, I configured the SSL VPN (SVC). I am able to connect but the web application (http://x.x.x.x) is not able to open.
Please help I am running short of time for this project.
10-22-2008 12:45 AM
Did you actually follow the config example? You have to configure other options to allow access through the SSL session.
If you just try and connect via another browser window, or overwrite the URL in the current session, it will NOT work.
It all has to be part of the same SSL session. Read the below URL:-
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00806ea271.shtml
HTH
10-22-2008 01:02 AM
Andrew,
Now I am able to connect to the SSL VPN (SVC) and the application also.
At the same time I am able to do RDP to the appl server. I want to block this, how do I do it?
10-22-2008 01:08 AM
You need to disable the RDP Java Applet or deny RDP in the SSL session.
HTH
10-22-2008 01:33 AM
You mean to say create the ACL in WEB VPN for blocking RDP?
10-22-2008 01:36 AM
What device do you have?
What version of IOS are you running?
10-22-2008 01:39 AM
I have configured it on a 5505 FW which is 7.2(3). Let me know if you require any config output.
10-22-2008 01:43 AM
I did not know that you could allow RDP from the URL bar in 7.x - I thought the functionality was introduced in version 8.x
Are you using clientless, thin-client or full client SSL access?
10-22-2008 01:49 AM
I have configured SSL VPN Client (SVC).
10-22-2008 01:52 AM
Which is the full client - so yes you will have to configure some kind of ACL to block RDP traffic.
HTH
10-22-2008 02:09 AM
Thanks, really helpful.
10-22-2008 02:11 AM
np - glad to help.