• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2986
  • Last Modified:

How to enable the web interface on an Cisco ASA 5510

We have Cisco ASA 5510 and I am looking to enable the Remote access VPN. I know you have to purchase additional licenses for the clientless vpn but I want to enable a public ip that employees can go to and lig into with their Domain credentials. I know you can create a login page and users can see links for the comapny portal, Time entry software, and other customized links. How do i enable this? Does I have to purchase any additional software for the ASA or does it come with this out of the box?
0
dolphan757
Asked:
dolphan757
  • 3
  • 2
1 Solution
 
InteraXCommented:
If you want the IPSEC based VPN, you don't need an additional license. You only need the additional license for the SSL VPN, client based or clientless.

You can handle some forms of authentication on the ASA, but without the SSL bits, I'm not sure how much of what you are asking is achieveable.

I will double check the documentation for you.
0
 
InteraXCommented:
Authentication can be enabled on the ASA for the following protocols.

FTP, Telnet, HTTP & HTTPS

The behaviour you describe in the original question sounds like the SSL clientless VPN solution. This will require the SSL VPN licenses. You should already have 2 with the device for trial purposes.
0
 
DIPRAJCommented:

Allowing HTTPS Access for ASDM
To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the security
appliance. All of these tasks are completed if you use the setup command. This section describes how
to manually configure ASDM access.
The security appliance allows a maximum of 5 concurrent ASDM instances per context, if available,
with a maximum of 32 ASDM instances between all contexts.
Note WebVPN and ASDM administration cannot be enabled on the same interface. If you enable WebVPN
on an interface, then that interface cannot be used for ASDM.
To configure ASDM access, follow these steps:
Step 1 To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the
following command for each address or subnet:
hostname(config)# http source_IP_address mask source_interface
Step 2 To enable the HTTPS server, enter the following command:
hostname(config)# http server enable
Step 3 To specify the location of the ASDM image, enter the following command:
hostname(config)# asdm image disk0:/asdmfile
For example, to enable the HTTPS server and let a host on the inside interface with an address of
192.168.1.2 access ASDM, enter the following commands:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# http server enable
hostname(config)# http 192.168.1.2 255.255.255.255 inside
To allow all users on the 192.168.3.0 network to access ASDM on the inside interface, enter the
following command:
hostname(config)# http 192.168.3.0 255.255.255.0 inside

0
 
DIPRAJCommented:
http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/setup.html

Alternatively, you can add the following config lines:
http server enable
http <IPaddress> <mask> <interface>
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now