Solved

How to enable the web interface on a Cisco ASA 5510

Posted on 2010-09-23
Last Modified: 2013-11-16
We have a Cisco ASA 5510 and I am looking to enable the Remote access VPN. I know you have to purchase additional licenses for the clientless VPN but I want to enable a public IP that employees can go to and log into with their Domain credentials. I know you can create a login page and users can see links for the company portal, Time entry software, and other customized links. How do I enable this? Do I have to purchase any additional software for the ASA or does it come with this out of the box?
Question by:dolphan757
5 Comments
 
LVL 16

Expert Comment

by:InteraX
ID: 33745115
If you want the IPSEC based VPN, you don't need an additional license. You only need the additional license for the SSL VPN, client based or clientless.

You can handle some forms of authentication on the ASA, but without the SSL bits, I'm not sure how much of what you are asking is achievable.

I will double check the documentation for you.
0
 
LVL 16

Accepted Solution

by:
InteraX earned 500 total points
ID: 33745264
Authentication can be enabled on the ASA for the following protocols.

FTP, Telnet, HTTP & HTTPS

The behaviour you describe in the original question sounds like the SSL clientless VPN solution. This will require the SSL VPN licenses. You should already have 2 with the device for trial purposes.
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33778845

Allowing HTTPS Access for ASDM

To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the security appliance. All of these tasks are completed if you use the setup command. This section describes how to manually configure ASDM access.

The security appliance allows a maximum of 5 concurrent ASDM instances per context, if available, with a maximum of 32 ASDM instances between all contexts.

Note: WebVPN and ASDM administration cannot be enabled on the same interface. If you enable WebVPN on an interface, then that interface cannot be used for ASDM.

To configure ASDM access, follow these steps:

Step 1 To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the following command for each address or subnet:

hostname(config)# http source_IP_address mask source_interface

Step 2 To enable the HTTPS server, enter the following command:

hostname(config)# http server enable

Step 3 To specify the location of the ASDM image, enter the following command:

hostname(config)# asdm image disk0:/asdmfile

For example, to enable the HTTPS server and let a host on the inside interface with an address of 192.168.1.2 access ASDM, enter the following commands:

hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# http server enable
hostname(config)# http 192.168.1.2 255.255.255.255 inside

To allow all users on the 192.168.3.0 network to access ASDM on the inside interface, enter the following command:

hostname(config)# http 192.168.3.0 255.255.255.0 inside

0
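An added example, not part of the original comment or of Cisco's documentation: a small audit of the `http` management rules described in the steps above, run over a saved running-config. It flags rules that admit any source, unusually wide subnets, a missing `http server enable`, and an interface that carries both WebVPN and an ASDM rule. The function name, the `max_hosts` threshold and the sample configuration are assumptions made for illustration; the parser assumes WebVPN appears as a `webvpn` line followed by an indented `enable <interface>`.

```python
import ipaddress

# Constructed sample running-config fragment (not from the original thread).
SAMPLE_CONFIG = """\
http server enable
http 192.168.1.2 255.255.255.255 inside
http 192.168.3.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
webvpn
 enable outside
"""

def audit_asdm_access(config, max_hosts=256):
    """Return a list of findings about ASDM/HTTPS management access."""
    server_enabled = False
    rules = []             # (network, interface) from 'http <ip> <mask> <if>'
    webvpn_ifaces = set()  # interfaces named by 'enable <if>' under 'webvpn'
    in_webvpn = False
    for raw in config.splitlines():
        indented = raw.startswith(" ")
        words = raw.split()
        if not words:
            continue
        if not indented:
            in_webvpn = words == ["webvpn"]
        if words == ["http", "server", "enable"]:
            server_enabled = True
        elif not indented and words[0] == "http" and len(words) == 4:
            try:
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                continue  # not an address/mask rule, e.g. another http option
            rules.append((net, words[3]))
        elif in_webvpn and indented and words[0] == "enable" and len(words) == 2:
            webvpn_ifaces.add(words[1])
    findings = []
    if server_enabled and not rules:
        findings.append("http server enabled but no source address is permitted")
    if rules and not server_enabled:
        findings.append("http rules present but 'http server enable' is missing")
    for net, iface in rules:
        if net.prefixlen == 0:
            findings.append(f"any source may reach ASDM on {iface}")
        elif net.num_addresses > max_hosts:
            findings.append(f"{net} on {iface} permits {net.num_addresses} addresses")
        if iface in webvpn_ifaces:
            findings.append(f"{iface} has both WebVPN and an ASDM http rule")
    return findings
```

Calling `audit_asdm_access(SAMPLE_CONFIG)` reports the two problems on the outside interface and nothing for the two inside rules taken from the comment above.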
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33779008
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 33806671
http://www.cisco.com/en/US/docs/security/asa/asa72/getting_started/asa5505/quick/guide/setup.html

Alternatively, you can add the following config lines:
http server enable
http <IPaddress> <mask> <interface>
0
