Andrew Mallio
Cisco Employee

Introduction

This document demonstrates key SSL VPN features and capabilities of the ASA 5500 Adaptive Security Appliance. It can help you evaluate the security appliance for your own network security needs. The Cisco ASA 5500 series offers two types of SSL VPN, a key technology for remote access to corporate resources:

  • Clientless SSL VPN provides access to Web applications, such as email, and corporate portals via Web browsers and Java components. It requires no client software.
  • The AnyConnect SSL VPN Client provides direct access to corporate resources, just like an IPsec client. Using Datagram Transport Layer Security (DTLS), the client improves the performance of real-time applications that are sensitive to packet delays by avoiding latency and bandwidth problems associated with some SSL-only connections.

Both clientless and AnyConnect client connections use posture assessment policies. You can define these policies to evaluate whether an endpoint is a corporate or public entity with the properly configured operating systems, firewall, antivirus software, and antispyware that you require. The security appliance software includes two SSL VPN licenses, allowing two simultaneous SSL VPN connections in any combination of clientless or client connections.

Additional Information

This document provides configuration tasks for Dynamic Access Policies (DAP)—a powerful tool for controlling access to corporate resources regardless of the location or security posture of the end user device. For a more in-depth discussion about DAP, see the white paper Dynamic Access Policies at this URL: http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

For detailed DAP configuration information, see the Understanding Policy Enforcement of Permissions and Attributes section of the Cisco Security Appliance Command Line Configuration Guide, Version 8.2 at this URL: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/config.html

We continue to document additional use cases and publish them under Selected ASDM Configuration Tasks at the following URL: http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html

This document contains the following sections:

  • Example Network Topology
  • Initial Setup
  • Preparing for ASDM Access
  • Configuring the ASA Hostname, DNS, and Basic Routing
  • Configuring VPN Users in the Local Database
  • Configuring VPN Users on Active Directory/LDAP
  • Enabling SSL VPN on Interfaces
  • Enforcing VPN Access via Connection Profiles, Group Policies, and Customization Objects
  • Understanding Policy Enforcement of Permissions and Attributes
  • Configuring an Engineering and a Sales Connection Profile
  • Configuring Engineering and Sales Group Policies
  • Associating Group Policies Engineering and Sales to Connection Profiles
  • Creating Bookmark Lists for the Engineering and Sales Group Policies
  • Applying the Bookmark Lists to Group Policies
  • Creating WebType ACLs
  • Applying the ACLs to Group Policies
  • Creating Customization Objects for Engineering and Sales
  • Importing Web Content for use with Logos
  • Setting the Customization in the Connection Profile
  • Setting the Customization in the Group Policy
  • Establishing a Clientless Session Using the Drop-Down Menu
  • Establishing an SSL VPN Session Using a Group URL
  • Single Sign-on & URL Variable Substitution
  • Introduction to URL Variable Substitution
  • Configuring Post Parameters for SSO with Outlook Web Access
  • Configuring Post Parameters for Single Sign-on with Citrix
  • SSO Substitution via Active Directory Attribute Mapping
  • Accessing Applications using Smart Tunnels and Plug-ins over Clientless Connections
  • Plug-ins
  • Plug-in Requirements and Restrictions
  • Smart Tunnels
  • Dynamic Access Policies (DAP)
  • Using DAPs for VPN Policies (no Cisco Secure Desktop)
  • Integrating Cisco Secure Desktop with DAPs
  • Advanced DAP Settings
  • AnyConnect VPN Client
  • Installing and Configuring the AnyConnect Client
  • Installing the AnyConnect Client and Configuring the Security Appliance
  • CSA Interoperability with the AnyConnect Client and Cisco Secure Desktop
  • Uninstalling the Cisco AnyConnect VPN Client
  • Sample Security Appliance Configuration for AnyConnect Client