Solved

Cisco ASA Webvpn Customization Setup

Posted on 2010-11-19
Last Modified: 2012-05-10
Hello,
I am in the process of customizing my new 5505 ASA webvpn for my company. I am having some issues with the simple task of getting bookmarks set up. I am mainly using the ASDM for all the webvpn setup.

I have five or six connection profiles set up for different departments. Each of these is also configured to call back to their own respective group policies.

In the group policies I have them set up to all have their own custom page template and bookmark list.

One of my questions is that there simply are no bookmarks anywhere in the webvpn site. Where are they supposed to be? Anyone have any suggestions to this?

Also, an additional question. I currently have all these connection profiles, but I cannot seem to find a good solution to only let certain users connect to each. I have LDAP authentication set up and working.

Thanks!
Question by:bullhog
7 Comments
 
LVL 10

Expert Comment

by:stsonline
ID: 34192263
First, what do you mean by 'there simply are no bookmarks anywhere in the webvpn site'? Do you mean they don't show up when you log onto the webvpn? Your bookmarks are defined *only* via the ASDM, Configuration -> Remote Access VPN -> Clientless SSL VPN Access -> Portal -> Bookmarks. If they are defined there and do not show up at login, you've got your Dynamic Access Policies (DAP) misconfigured.

To set certain bookmarks viewable only by certain users, you need to split those users by LDAP membership in a DAP.
0
 
LVL 1

Author Comment

by:bullhog
ID: 34196422
Thanks for the response. What I meant by the bookmarks not showing up is that after logging in to the site, they do not show up on the home page. I am almost positive the problem is with DAP but I am a little lost with it in ASDM. I tried to set up DAP a while ago but all the help screens I found have... different information. So I believe this may be causing the issues due to not being able to configure this completely.

The different information being a difference in the "Dynamic Access Policy" screen. My problem is that I do not see the section of the page that lets me define LDAP authorization stuff. (Access/Authorization Policy Attributes)

I have ASA v8.2.1 and ASDM v6.2.1. I have attached a screenshot to show you what I mean by a missing section.

Also, I have tried the ASDM on two different computers. One with the client installed and the other just the java app.
DAP.jpg
0
 
LVL 10

Accepted Solution

by:
stsonline earned 2000 total points
ID: 34196578
Ignore the default DAP for a minute and Add a new policy with ACL Priority 10. Name it 'test' or something - the goal is to first verify your LDAP setup is working correctly. Once the new policy is created, choose a Selection Criteria of 'User has ANY of the following AAA Attributes values...' then click Add. Change the AAA Attribute Type to LDAP and it should give you one Attribute ID: memberOf. Click on 'Get AD Groups' and make sure you are seeing the correct group info from your AD server. To nail a DAP to a particular AD group, select the correct group here then return to the Edit page. On the Action tab click 'Continue', and on the Bookmarks tab find the bookmark list you want the group to see, then Add it to the right pane. Save those changes and you should be good to go.
0
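As an added illustration (not part of the thread, and not Cisco's implementation), this sketch models the selection logic the accepted solution describes: a policy matches when the user has ANY of the listed LDAP memberOf values, and the matching policies' bookmark lists decide what the portal shows. Every name other than the 'test' policy is hypothetical, and first-CN group matching, merging of multiple matches, the terminate rule and the empty default are assumptions of the model.

```python
import re

# Constructed sample policies: record, AD group and bookmark-list names are hypothetical.
DAP_RECORDS = [
    {"name": "test", "priority": 10, "any_member_of": {"vpn-sales"},
     "action": "continue", "bookmarks": ["Sales-Bookmarks"]},
    {"name": "engineering", "priority": 20, "any_member_of": {"vpn-engineering"},
     "action": "continue", "bookmarks": ["Eng-Bookmarks", "Wiki-Bookmarks"]},
    {"name": "contractors", "priority": 30, "any_member_of": {"vpn-contractors"},
     "action": "terminate", "bookmarks": []},
]
# Fallback used when no record matches; this model gives it no bookmarks.
DEFAULT_RECORD = {"name": "default", "action": "continue", "bookmarks": []}

# First RDN of a DN, allowing backslash-escaped characters such as "\,".
_FIRST_CN = re.compile(r"^\s*CN=((?:\\.|[^,\\])+)", re.IGNORECASE)

def group_names(member_of_dns):
    """Reduce memberOf DNs to lower-cased group names (first CN of each DN)."""
    names = set()
    for dn in member_of_dns:
        m = _FIRST_CN.match(dn)
        if m:  # skip values that do not start with a CN component
            names.add(re.sub(r"\\(.)", r"\1", m.group(1)).strip().lower())
    return names

def evaluate(member_of_dns):
    """Return the matched records, the resulting action and the bookmark lists."""
    groups = group_names(member_of_dns)
    matched = [r for r in DAP_RECORDS if r["any_member_of"] & groups]
    if not matched:
        matched = [DEFAULT_RECORD]
    # Model assumption: higher priority number is listed first.
    matched.sort(key=lambda r: r.get("priority", 0), reverse=True)
    bookmarks = []
    for record in matched:
        for name in record["bookmarks"]:
            if name not in bookmarks:  # merge lists without duplicates
                bookmarks.append(name)
    # Model assumption: any matching 'terminate' record ends the session.
    action = "terminate" if any(r["action"] == "terminate" for r in matched) else "continue"
    return {"records": [r["name"] for r in matched], "action": action,
            "bookmarks": [] if action == "terminate" else bookmarks}
```

A user whose memberOf values match no record falls through to the default and sees no bookmarks, which is the symptom described in the question.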
 
LVL 10

Expert Comment

by:stsonline
ID: 34196595
BTW, the LDAP setup is on the same Configuration page under AAA/Local Users, AAA Server Groups.
0
 
LVL 10

Expert Comment

by:stsonline
ID: 34196621
Here's a fairly good link to a Cisco doc regarding configuring DAPs. Keep in mind most of the DAP functionality is geared towards interaction with Cisco Secure Desktop but the basic LDAP stuff is useful for applying specific bookmark lists and such.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/vpn_dap.html
0
 
LVL 1

Author Comment

by:bullhog
ID: 34196675
Ok... so a side note to this question. The reason I was having so many problems doing any setup with DAP was that I could not see the "add, edit, delete" buttons on the right of the ASDM. My screen is set to 1280x1024 so I never imagined that screen resolution could be the issue. I ran ASDM on a separate computer with 1680x1080 (I don't know if that is correct or not...) and I could see the add, edit, delete buttons.

What an infuriating reason to have so many problems... I will proceed to set this up and if I have more questions on DAP setup, I will post them here.
0
 
LVL 1

Author Comment

by:bullhog
ID: 34196926
Well, magically things are working how I want them to now. I guess my only question left to be answered is the screen resolution issue. Is there a way to launch ASDM in a specific resolution so that it does not try to auto adjust?

I still have the issue that I cannot see certain things unless I am on a computer with an abnormally high screen resolution.
0

Question has a verified solution.
