Cisco ASA Webvpn Customization Setup

Hello,
I am in the process of customizing my new 5505 ASA webvpn for my company. I am having some issues with the simple task of getting bookmarks set up. I am mainly using the ASDM for all the webvpn setup.

I have five or six connection profiles set up for different departments. Each of these is also configured to call back to its own respective group policy.

In the group policies I have them set up to all have their own custom page template and bookmark list.

One of my questions is that there simply are no bookmarks anywhere in the webvpn site. Where are they supposed to be? Anyone have any suggestions to this?

Also, an additional question. I currently have all these connection profiles, but I cannot seem to find a good solution to only let certain users connect to each. I have LDAP authentication set up and working.

Thanks!
bullhogAsked:
stsonlineCommented:
Ignore the default DAP for a minute and Add a new policy with ACL Priority 10. Name it 'test' or something - the goal is to first verify your LDAP setup is working correctly. Once the new policy is created, choose a Selection Criteria of 'User has ANY of the following AAA Attributes values...' then click Add. Change the AAA Attribute Type to LDAP and it should give you one Attribute ID: memberOf. Click on 'Get AD Groups' and make sure you are seeing the correct group info from your AD server. To nail a DAP to a particular AD group, select the correct group here then return to the Edit page. On the Action tab click 'Continue', and on the Bookmarks tab find the bookmark list you want the group to see, then Add it to the right pane. Save those changes and you should be good to go.
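
The ASDM steps above end up as a small set of running-config objects plus one record in dap.xml. The fragment below is an added illustration (it is not from this thread or from Cisco's documentation); every name in it is assumed: the AAA server group AD-LDAP, the directory host 192.0.2.10 and DNs under DC=example,DC=com, the bookmark list Sales-Bookmarks (created in ASDM under Portal -> Bookmarks, which stores it in flash and references it by name), the group policy GP-Sales, the connection profile TG-Sales and the DAP record DAP-Sales.

```text
! --- ASA 8.2 running-config (assumed names, added example) ---

! LDAP server group (ASDM: AAA/Local Users > AAA Server Groups)
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft

! Department group policy: its own page customization and bookmark list
group-policy GP-Sales internal
group-policy GP-Sales attributes
 vpn-tunnel-protocol webvpn
 webvpn
  customization value Sales-Page
  url-list value Sales-Bookmarks

! Connection profile that authenticates against AD and hands off to GP-Sales
tunnel-group TG-Sales type remote-access
tunnel-group TG-Sales general-attributes
 authentication-server-group AD-LDAP
 default-group-policy GP-Sales
tunnel-group TG-Sales webvpn-attributes
 group-alias Sales enable

! DAP record created by the ASDM steps above. "action continue" is the
! default and is therefore not shown; the selection criteria (memberOf)
! live in dap.xml, not in the running-config.
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record DAP-Sales
 description "Bookmarks for members of the Sales AD group"
 url-list value Sales-Bookmarks
 priority 10
```

The matching criterion that ASDM writes for that record lives in disk0:/dap.xml; the excerpt below (also an added, assumed illustration) shows the memberOf test that corresponds to "User has ANY of the following AAA Attribute values" with the Sales group selected:

```text
<!-- dap.xml excerpt (assumed values, added example) -->
<dapRecordList>
  <dapRecord>
    <dapName><value>DAP-Sales</value></dapName>
    <dapViewsRelation><value>and</value></dapViewsRelation>
    <dapBasicView>
      <dapSelection>
        <dapPolicy><value>match-any</value></dapPolicy>
        <attr>
          <name>aaa.ldap.memberOf</name>
          <value>CN=Sales,OU=Groups,DC=example,DC=com</value>
          <operation>EQ</operation>
          <type>caseless</type>
        </attr>
      </dapSelection>
    </dapBasicView>
  </dapRecord>
</dapRecordList>
```

Two checks worth doing before trusting this: the memberOf values must match the full DN of the group exactly as AD returns it (the "Get AD Groups" button in ASDM shows the real DNs, so copy from there rather than typing them), and a session that matches no record falls through to DfltAccessPolicy, so a user who still sees no bookmarks after login is usually one whose group DN did not match rather than one with a broken bookmark list.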
stsonlineCommented:
First, what do you mean by 'there simply are no bookmarks anywhere in the webvpn site'? Do you mean they don't show up when you log onto the webvpn? Your bookmarks are defined *only* via the ASDM, Configuration -> Remote Access VPN -> Clientless SSL VPN Access -> Portal -> Bookmarks. If they are defined there and do not show up at login, you've got your Dynamic Access Policies (DAP) misconfigured.

To set certain bookmarks viewable only by certain users, you need to split those users by LDAP membership in a DAP.
bullhogAuthor Commented:
Thanks for the response. What I meant by the bookmarks not showing up is that after logging in to the site, they do not show up on the home page. I am almost positive the problem is with DAP but I am a little lost with it in ASDM. I tried to set up DAP a while ago but all the help screens I found have.... different information. So I believe this may be causing the issues due to not being able to configure this completely.

The different information being a difference in the "Dynamic Access Policy" screen. My problem is that I do not see the section of the page that lets me define LDAP authorization stuff. (Access/Authorization Policy Attributes)

I have ASA v8.2.1 and ASDM v6.2.1. I have attached a screenshot to show you what I mean by a missing section.

Also, I have tried the ASDM on two different computers. One with the client installed and the other just the java app.
Attachment: DAP.jpg
stsonlineCommented:
BTW, the LDAP setup is on the same Configuration page under AAA/Local Users, AAA Server Groups.
stsonlineCommented:
Here's a fairly good link to a Cisco doc regarding configuring DAPs. Keep in mind most of the DAP functionality is geared towards interaction with Cisco Secure Desktop but the basic LDAP stuff is useful for applying specific bookmark lists and such.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/vpn_dap.html
bullhogAuthor Commented:
Ok... so a side note to this question. The reason I was having so many problems doing any setup with DAP was that I could not see the "add, edit, delete" buttons on the right of the ASDM. My screen is set to 1280x1024 so I never imagined that screen resolution could be the issue. I ran ASDM on a separate computer with 1680x1080 (I don't know if that's correct or not...) and I could see the add, edit, delete buttons.

What an infuriating reason to have so many problems... I will proceed to set this up and if I have more questions on DAP setup, I will post them here.
bullhogAuthor Commented:
Well, magically things are working how I want them to now. I guess my only question left to be answered is the screen resolution issue. Is there a way to launch ASDM in a specific resolution so that it does not try to auto adjust?

I still have the issue that I cannot see certain things unless I am on a computer with an abnormally high screen resolution.