ASA 5505ASA 5505SSL VPNSSL VPN

Joe CiceroJoe CiceroNortheast Wisconsin Technical CollegeNortheast Wisconsin Technical College

About SSL VPN Client ConnectionsAbout SSL VPN Client Connections

With an SSL VPN client setup, remote With an SSL VPN client setup, remote users do not need to install a software users do not need to install a software client before attempting to establish a client before attempting to establish a connection. connection.

With correct credentials any user with a With correct credentials any user with a browser can connect to internal resources browser can connect to internal resources on the networkon the network

Starting the “SSL VPN Wizard”Starting the “SSL VPN Wizard”

Setting Your Connection TypeSetting Your Connection Type

The ASA 5505 provides two types of SSL The ASA 5505 provides two types of SSL VPN Access. VPN Access. – Clientless SSL VPN Access, no additional Clientless SSL VPN Access, no additional

software is downloaded and installed to obtain software is downloaded and installed to obtain access to access to SUPPORTEDSUPPORTED internal resources. internal resources.

– Cisco SSL VPN Client (Anyconnect VPN Cisco SSL VPN Client (Anyconnect VPN Client), The ASA pushes a self-installing client Client), The ASA pushes a self-installing client to the remote PC that allows to the remote PC that allows FULLFULL, secure , secure access to internal resource.access to internal resource.

Setting Your Connection TypeSetting Your Connection Type

Interface, Certificate, and Group Interface, Certificate, and Group SettingsSettings

Connection NameConnection Name– Provide a connection name for this group of connection-oriented Provide a connection name for this group of connection-oriented

attributes. attributes.

SSL VPN InterfaceSSL VPN Interface– Specify the interface to allow SSL VPN connections. Specify the interface to allow SSL VPN connections.

Digital CertificateDigital Certificate– Specify a certificate, if any, that the security appliance sends to Specify a certificate, if any, that the security appliance sends to

the remote PC. the remote PC.

Connection Group SettingsConnection Group Settings– You can enable the security appliance to display a group alias You can enable the security appliance to display a group alias

for this connection on the login page. for this connection on the login page. – Display Group Alias list at the login page—Enable to display the Display Group Alias list at the login page—Enable to display the

group alias. group alias.

Setting the VPN InterfaceSetting the VPN Interface

Configuring User AuthenticationConfiguring User Authentication

Authenticate using a AAA server group—Enable to let Authenticate using a AAA server group—Enable to let the security appliance contact a remote AAA server the security appliance contact a remote AAA server group to authenticate the user. group to authenticate the user. AAA Server Group Name—Select a AAA server group AAA Server Group Name—Select a AAA server group from the list of pre-configured groups, or click from the list of pre-configured groups, or click NewNew to to create a new group. create a new group. Authenticate using the local user database—Add new Authenticate using the local user database—Add new users to the local database stored on the security users to the local database stored on the security appliance. appliance. – Username—Create a username for the user. Username—Create a username for the user. – Password—Create a password for the user. Password—Create a password for the user. – Confirm Password—Re-type the same password to confirm. Confirm Password—Re-type the same password to confirm. – Add/Delete—Add or delete the user from the local database. Add/Delete—Add or delete the user from the local database.

Configuring User AuthenticationConfiguring User Authentication

Defining a Group PolicyDefining a Group Policy

Group policies configure common Group policies configure common attributes for groups of users. Create a attributes for groups of users. Create a new group policy or select an existing one new group policy or select an existing one to modify. to modify. Create new group policyCreate new group policy– Enable to create a new group policy. Provide Enable to create a new group policy. Provide

a name for the new policy. a name for the new policy.

Modify existing group policyModify existing group policy– Select an existing group policy to modify. Select an existing group policy to modify.

Defining a Group PolicyDefining a Group Policy

Creating a Bookmark ListCreating a Bookmark List

Bookmark lists appear on the portal page Bookmark lists appear on the portal page for Clientless, browser-based connections. for Clientless, browser-based connections. SSL VPN client users can see these SSL VPN client users can see these bookmarks to enable easy access to bookmarks to enable easy access to resources. resources.

Bookmark ListBookmark List– Select an existing list or click Select an existing list or click ManageManage to to

create a new list, or import or export create a new list, or import or export bookmark lists. bookmark lists.

Creating a Bookmark ListCreating a Bookmark List

Confirming No BookmarkConfirming No Bookmark

Summary ScreenSummary Screen

Client ConnectionClient Connection

To connect to the SSL VPN you simply To connect to the SSL VPN you simply use a browser to connect to the external use a browser to connect to the external interface of your ASA 5505 via https!interface of your ASA 5505 via https!

The following pages will show you what The following pages will show you what the SSL VPN looks like from a Mozilla the SSL VPN looks like from a Mozilla client.client.

Client ConnectionClient Connection

You will need to accept certificatesYou will need to accept certificates

Questions / CommentsQuestions / Comments