• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

Cisco ASA & AnyConnect

Hi - My questions is, do we need to <enable webvpn> on the outside interface  on a cisco ASA device in order to use AnyConnect SSL vpn from a client pc.

If the answer is yes, why is this the case, and how can we restrict webvpn or tie it down to AnyConnect profile only if we are not using Clientless vpn over a browser.

I always thought that webvpn was only enable if we use or configure Clientless VPN over a browser !

Regards
Adam
0
adam_kan2000
Asked:
adam_kan2000
1 Solution
 
Henk van AchterbergSr. Technical ConsultantCommented:
You probably mean enable outside in the webvpn configuration mode. This is required.

If you do not create a SSL Client Less connection profile, users will only be able to use the anyconnect profile. The https website is present but when you login you will get the java/activex control for connecting with anyconnect.

Restricting users to a profile can be done several ways. If you use certificates you can map those to a profile. When you use radius, you can use radius attributes and mapping. Also local users can be bound to a profile:

username <username> attributes
 vpn-group-policy <group.policy>
 vpn-tunnel-protocol ssl-client
 group-lock value <group.policy>
 service-type remote-access
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now