Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

What does "Shutdown portal login page" do

Posted on 2013-07-02
3
Medium Priority
?
2,869 Views
Last Modified: 2013-07-02
Hi,

Please could someone explain to me what the following option does on a Cisco ASA:
"Shutdown portal login page"

You can enable this via the ASDM
Configuration > Remote Access VPN > Network (Client) Access > Anyconnect Connection Profiles > Login Page Settings
0
Comment
Question by:Sc0t
  • 2
3 Comments
 
LVL 15

Assisted Solution

by:Raj-GT
Raj-GT earned 2000 total points
ID: 39292783
This will disable the SSL VPN Logon page by removing fields to enter username and passwords in effect disabling that anyconnect profile.
0
 

Author Comment

by:Sc0t
ID: 39292828
Hi Raj-GT,

Thank you for your reply.

Can you explain further if I want to create an Anyconnect VPN profile and want to install/configure the software manually on a host machine, if I disable the VPN login page will this also disable that VPN connection?

Reason I ask is we would prefer to install the software manually rather than having a user go to a webpage and have to download/install the Anyconnect software. We would also like it if the webportal page was disabled so that people on the Internet would not be able to try/guess usernames and passwords potentially letting them download and install the Anyconnect software with our profile.
0
 
LVL 15

Accepted Solution

by:
Raj-GT earned 2000 total points
ID: 39293217
Correct. You cannot disable the portal page and have AnyConnect VPN working.

You can stop the auto installing of the SSL VPN client by not uploading the client pkg files to the ASA in the first place. This way only the clients with the software per-installed will work be able to connect to your VPN. (There is nothing stopping the user from installing the Cisco VPN client from other sources and connect to your VPN though.)

Brute force attacks are a problem with all SSL VPN solutions. You can use certificates or OTP tokens (I have used RSA and SafeWord with Cisco) to prevent this. Check the links below for more details on this.

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html

http://www.cisco.com/en/US/docs/security/asa/asa91/asdm71/vpn/vpn_asdm_setup.html#wp1119491

Thanks.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the Top 10  common Cisco VPN problems are not-matching shared keys. This is an easy one to fix, but not always easy to notice, see the case below. A simple IPsec tunnel between fast Ethernet interfaces of routers SW1 (f1/1) and R1(f0/0). …
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

572 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question