cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
938
Views
6
Helpful
7
Replies
fahimkm81
Beginner

VPN Concentrator- WebVPN using Cisco SSL Client

Hi,

I have configured WebVPN client using Cisco SSL VPN client on VPN Concentrator 3030. But every time the user logs in, the Client software get installed. Is there anyway to avoid this and configure in such a way that after the user gets authenticated, he can directly get access to internal network without installing the client software every time.

fahim

7 REPLIES 7
ggilbert
Cisco Employee

Fahim,

If you go to the webvpn tab in the group that the users are connecting, you have options for

Require Cisco SSL VPN Client

Keep Cisco SSL VPN Client.

You might want to choose Keep Cisco SSL VPN client - This would keep the installer in the machine that is trying to authenticate and will not install everytime the user logs in.

Or If you have Inherit checked, make sure you change that on Base-Group.

Rate this post, if it helps.

Cheers

Gilbert

Gilbert,

thanks for the suggestion. one more question.. during the connection, the windows prompts for 3-4 message box where we have to press yes every time we try to connect. Is it possible to avoid that.

Regards,

Fahim

h.parsons
Participant

We will also configure the browser by adding the VPN url as a trusted site and to not prompt for downloading activex.

okay thanks a lot.. this helped.. one more question.. while connecting, 3-4 message boxes are prompted and every time we have to press YES. can this be avoided. if not all atleast the one which gives error message.

You are probably getting certificate errors because by default the ASA uses its own certificate for the outside interface.

When you connect to an SSL website, your browser checks the site for a valid certificate from an authority like Verisign. If you went this route, you would need to buy a Verisign certificate and apply it to the outside inteface as a trustpoint.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807c2151.shtml

Another opion you have is to create your own certificate in the ASA, then manually install this certificate by adding it to your browser's trusted root certificate store. You will need to click through and install the certificate on the client's machine through the web browser. You may not want to do this.

Fahim -

What Kevin said is correct. Except you are using a VPN 3000 concentrator.

So, you just need to import that certificate given by the concentrator into your browser trusted certificates and you should be good to go.

Thanks

Gilbert

Hello Gilbert,

I'm facing the same issues with the same prompts and alerts about certificates. The problem is a bit worse because I'm also using Cisco Secure Desktop, and that 'masquerades' one of the alerts - it stays behind the secure desktop - making it difficult for the end user to find and accept it.

well, I'm not sure if there is an actual solution for that, other than importing the certificate the browser's trusted certificates, or acquiring an verifiable certificate.

if you have any idea that can help me....

thanks !

Create
Recognize Your Peers
Content for Community-Ad