Cisco ASA Webvpn Customization Setup

Posted on 2010-11-19
Last Modified: 2012-05-10
I am in the process of customizing my new 5505 ASA webvpn for my company. I am having some issues with the simple task of getting bookmarks set up. I am mainly using the ASDM for all the webvpn setup.

I have five or six connection profiles set up for different departments. Each of these is also configured to call back to its own respective group policy.

In the group policies I have them set up to all have their own custom page template and bookmark list.

One of my questions is that there simply are no bookmarks anywhere in the webvpn site. Where are they supposed to be? Anyone have any suggestions to this?

Also, an additional question. I currently have all these connection profiles, but I cannot seem to find a good solution to only let certain users connect to each. I have LDAP authentication set up and working.

Question by:bullhog
LVL 10

Expert Comment

ID: 34192263
First, what do you mean by 'there simply are no bookmarks anywhere in the webvpn site'? Do you mean they don't show up when you log onto the webvpn? Your bookmarks are defined *only* via the ASDM, Configuration -> Remote Access VPN -> Clientless SSL VPN Access -> Portal -> Bookmarks. If they are defined there and do not show up at login, you've got your Dynamic Access Policies (DAP) misconfigured.

To set certain bookmarks viewable only by certain users, you need to split those users by LDAP membership in a DAP.

Author Comment

ID: 34196422
Thanks for the response. What I meant by the bookmarks not showing up is that after logging in to the site, they do not show up on the home page. I am almost positive the problem is with DAP but I am a little lost with it in ASDM. I tried to set up DAP a while ago but all the help screens I found have... different information. So I believe this may be causing the issues due to not being able to configure this completely.

The different information being a difference in the "Dynamic Access Policy" screen. My problem is that I do not see the section of the page that lets me define LDAP authorization stuff. (Access/Authorization Policy Attributes)

I have ASA v8.2.1 and ASDM v6.2.1. I have attached a screenshot to show you what I mean by a missing section.

Also, I have tried the ASDM on two different computers. One with the client installed and the other just the Java app.
LVL 10

Accepted Solution

stsonline earned 500 total points
ID: 34196578
Ignore the default DAP for a minute and Add a new policy with ACL Priority 10. Name it 'test' or something - the goal is to first verify your LDAP setup is working correctly. Once the new policy is created, choose a Selection Criteria of 'User has ANY of the following AAA Attributes values...' then click Add. Change the AAA Attribute Type to LDAP and it should give you one Attribute ID: memberOf. Click on 'Get AD Groups' and make sure you are seeing the correct group info from your AD server. To nail a DAP to a particular AD group, select the correct group here then return to the Edit page. On the Action tab click 'Continue', and on the Bookmarks tab find the bookmark list you want the group to see, then Add it to the right pane. Save those changes and you should be good to go.

LVL 10

Expert Comment

ID: 34196595
BTW, the LDAP setup is on the same Configuration page under AAA/Local Users, AAA Server Groups.
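
For readers checking the same setup from the command line, this is roughly what the LDAP server group and the 'test' DAP record from the accepted solution look like in the running configuration, with the commands that confirm group membership is reaching the ASA. It is an added example, not part of the original thread: the server group name, addresses, DNs, group policy name and bookmark list name are placeholders. ASDM keeps the DAP selection criteria (the memberOf match) in dap.xml on flash, so they do not appear in the running configuration.

```text
! --- Added example: all names and addresses below are placeholders ---

! LDAP server group (ASDM: AAA/Local Users > AAA Server Groups)
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 192.0.2.10
 ldap-base-dn dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=asa-bind,cn=Users,dc=example,dc=com
 ldap-login-password <bind-password>
 server-type microsoft

! Bookmark list assigned in a group policy, as the question describes
group-policy Sales_GP attributes
 webvpn
  url-list value Sales_Bookmarks

! DAP record named 'test' with priority 10, as in the accepted solution.
! The "user has ANY of the following AAA attributes" criterion
! (LDAP memberOf = <AD group>) is stored in dap.xml, not here.
dynamic-access-policy-record test
 priority 10
 webvpn
  url-list value Sales_Bookmarks

! --- Verification ---
! 1. Confirm the ASA can bind and authenticate a user against LDAP
test aaa-server authentication LDAP_SRV host 192.0.2.10 username <user> password <password>

! 2. Watch the attributes returned at login; memberOf must list the AD group
debug ldap 255

! 3. Watch which DAP records are selected for the session
debug dap trace

! 4. Review the DAP records the ASA holds
show running-config dynamic-access-policy-record

! Turn debugging off when finished
undebug all
```

If `debug ldap 255` shows no memberOf values for the user, the DAP record cannot match and only the default policy applies, which is consistent with bookmarks missing from the portal.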
LVL 10

Expert Comment

ID: 34196621
Here's a fairly good link to a Cisco doc regarding configuring DAPs. Keep in mind most of the DAP functionality is geared towards interaction with Cisco Secure Desktop but the basic LDAP stuff is useful for applying specific bookmark lists and such.

Author Comment

ID: 34196675
Ok... so a side note to this question. The reason I was having so many problems doing any setup with DAP was that I could not see the "add, edit, delete" buttons on the right of the ASDM. My screen is set to 1280x1024 so I never imagined that screen resolution could be the issue. I ran ASDM on a separate computer with 1680x1080 (I don't know if that is correct or not...) and I could see the add, edit, delete buttons.

What an infuriating reason to have so many problems... I will proceed to set this up and if I have more questions on DAP setup, I will post them here.

Author Comment

ID: 34196926
Well, magically things are working how I want them to now. I guess my only question left to be answered is the screen resolution issue. Is there a way to launch ASDM in a specific resolution so that it does not try to auto adjust?

I still have the issue that I cannot see certain things unless I am on a computer with an abnormally high screen resolution.
