Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to enable the web interface on an Cisco ASA 5510

Posted on 2010-09-23
5
Medium Priority
?
2,776 Views
Last Modified: 2013-11-16
We have Cisco ASA 5510 and I am looking to enable the Remote access VPN. I know you have to purchase additional licenses for the clientless vpn but I want to enable a public ip that employees can go to and lig into with their Domain credentials. I know you can create a login page and users can see links for the comapny portal, Time entry software, and other customized links. How do i enable this? Does I have to purchase any additional software for the ASA or does it come with this out of the box?
0
Comment
Question by:dolphan757
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:InteraX
ID: 33745115
If you want the IPSEC based VPN, you don't need an additional license. You only need the additional license for the SSL VPN, client based or clientless.

You can handle some forms of authentication on the ASA, but without the SSL bits, I'm not sure how much of what you are asking is achieveable.

I will double check the documentation for you.
0
 
LVL 16

Accepted Solution

by:
InteraX earned 2000 total points
ID: 33745264
Authentication can be enabled on the ASA for the following protocols.

FTP, Telnet, HTTP & HTTPS

The behaviour you describe in the original question sounds like the SSL clientless VPN solution. This will require the SSL VPN licenses. You should already have 2 with the device for trial purposes.
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33778845

Allowing HTTPS Access for ASDM
To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the security
appliance. All of these tasks are completed if you use the setup command. This section describes how
to manually configure ASDM access.
The security appliance allows a maximum of 5 concurrent ASDM instances per context, if available,
with a maximum of 32 ASDM instances between all contexts.
Note WebVPN and ASDM administration cannot be enabled on the same interface. If you enable WebVPN
on an interface, then that interface cannot be used for ASDM.
To configure ASDM access, follow these steps:
Step 1 To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the
following command for each address or subnet:
hostname(config)# http source_IP_address mask source_interface
Step 2 To enable the HTTPS server, enter the following command:
hostname(config)# http server enable
Step 3 To specify the location of the ASDM image, enter the following command:
hostname(config)# asdm image disk0:/asdmfile
For example, to enable the HTTPS server and let a host on the inside interface with an address of
192.168.1.2 access ASDM, enter the following commands:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# http server enable
hostname(config)# http 192.168.1.2 255.255.255.255 inside
To allow all users on the 192.168.3.0 network to access ASDM on the inside interface, enter the
following command:
hostname(config)# http 192.168.3.0 255.255.255.0 inside

0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33779008
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33806671
http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/setup.html

Alternatively, you can add the following config lines:
http server enable
http <IPaddress> <mask> <interface>
0

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question