Solved

How to enable the web interface on an Cisco ASA 5510

Posted on 2010-09-23
5
2,675 Views
Last Modified: 2013-11-16
We have Cisco ASA 5510 and I am looking to enable the Remote access VPN. I know you have to purchase additional licenses for the clientless vpn but I want to enable a public ip that employees can go to and lig into with their Domain credentials. I know you can create a login page and users can see links for the comapny portal, Time entry software, and other customized links. How do i enable this? Does I have to purchase any additional software for the ASA or does it come with this out of the box?
0
Comment
Question by:dolphan757
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:InteraX
ID: 33745115
If you want the IPSEC based VPN, you don't need an additional license. You only need the additional license for the SSL VPN, client based or clientless.

You can handle some forms of authentication on the ASA, but without the SSL bits, I'm not sure how much of what you are asking is achieveable.

I will double check the documentation for you.
0
 
LVL 16

Accepted Solution

by:
InteraX earned 500 total points
ID: 33745264
Authentication can be enabled on the ASA for the following protocols.

FTP, Telnet, HTTP & HTTPS

The behaviour you describe in the original question sounds like the SSL clientless VPN solution. This will require the SSL VPN licenses. You should already have 2 with the device for trial purposes.
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33778845

Allowing HTTPS Access for ASDM
To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the security
appliance. All of these tasks are completed if you use the setup command. This section describes how
to manually configure ASDM access.
The security appliance allows a maximum of 5 concurrent ASDM instances per context, if available,
with a maximum of 32 ASDM instances between all contexts.
Note WebVPN and ASDM administration cannot be enabled on the same interface. If you enable WebVPN
on an interface, then that interface cannot be used for ASDM.
To configure ASDM access, follow these steps:
Step 1 To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the
following command for each address or subnet:
hostname(config)# http source_IP_address mask source_interface
Step 2 To enable the HTTPS server, enter the following command:
hostname(config)# http server enable
Step 3 To specify the location of the ASDM image, enter the following command:
hostname(config)# asdm image disk0:/asdmfile
For example, to enable the HTTPS server and let a host on the inside interface with an address of
192.168.1.2 access ASDM, enter the following commands:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# http server enable
hostname(config)# http 192.168.1.2 255.255.255.255 inside
To allow all users on the 192.168.3.0 network to access ASDM on the inside interface, enter the
following command:
hostname(config)# http 192.168.3.0 255.255.255.0 inside

0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33779008
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33806671
http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/setup.html

Alternatively, you can add the following config lines:
http server enable
http <IPaddress> <mask> <interface>
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Let’s list some of the technologies that enable smooth teleworking. 
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question