03-22-2007 11:46 PM
Hi,
I have configured WebVPN client using Cisco SSL VPN client on VPN Concentrator 3030. But every time the user logs in, the Client software get installed. Is there anyway to avoid this and configure in such a way that after the user gets authenticated, he can directly get access to internal network without installing the client software every time.
fahim
03-23-2007 05:59 AM
Fahim,
If you go to the webvpn tab in the group that the users are connecting, you have options for
Require Cisco SSL VPN Client
Keep Cisco SSL VPN Client.
You might want to choose Keep Cisco SSL VPN client - This would keep the installer in the machine that is trying to authenticate and will not install everytime the user logs in.
Or If you have Inherit checked, make sure you change that on Base-Group.
Rate this post, if it helps.
Cheers
Gilbert
03-26-2007 04:31 AM
Gilbert,
thanks for the suggestion. one more question.. during the connection, the windows prompts for 3-4 message box where we have to press yes every time we try to connect. Is it possible to avoid that.
Regards,
Fahim
03-24-2007 02:06 PM
We will also configure the browser by adding the VPN url as a trusted site and to not prompt for downloading activex.
03-26-2007 04:26 AM
okay thanks a lot.. this helped.. one more question.. while connecting, 3-4 message boxes are prompted and every time we have to press YES. can this be avoided. if not all atleast the one which gives error message.
03-26-2007 01:05 PM
You are probably getting certificate errors because by default the ASA uses its own certificate for the outside interface.
When you connect to an SSL website, your browser checks the site for a valid certificate from an authority like Verisign. If you went this route, you would need to buy a Verisign certificate and apply it to the outside inteface as a trustpoint.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807c2151.shtml
Another opion you have is to create your own certificate in the ASA, then manually install this certificate by adding it to your browser's trusted root certificate store. You will need to click through and install the certificate on the client's machine through the web browser. You may not want to do this.
03-29-2007 05:54 AM
Fahim -
What Kevin said is correct. Except you are using a VPN 3000 concentrator.
So, you just need to import that certificate given by the concentrator into your browser trusted certificates and you should be good to go.
Thanks
Gilbert
04-23-2007 07:41 PM
Hello Gilbert,
I'm facing the same issues with the same prompts and alerts about certificates. The problem is a bit worse because I'm also using Cisco Secure Desktop, and that 'masquerades' one of the alerts - it stays behind the secure desktop - making it difficult for the end user to find and accept it.
well, I'm not sure if there is an actual solution for that, other than importing the certificate the browser's trusted certificates, or acquiring an verifiable certificate.
if you have any idea that can help me....
thanks !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide