Filter
Top Products
69-67
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring Clientless SSL VPN Connections
Fields
• Access Interfaces—Lets you select from a table the interfaces on which to enable access. The fields
in this table include the interface name and check boxes enabling you whether to allow access.
–
Device Certificate—Lets you specify a certificate for authentication.
–
Manage—Opens the Manage Identity Certificates dialog box, on which you can add, edit,
delete, export, and show details for a selected certificate.
–
Port Setting—Configure port numbers for clientless SSL and IPsec (IKEv2) connections. The
range is 1-65535. The default is port 443.
• Login Page Setting
–
Allow user to select connection profile, identified by its alias, on the login page. Otherwise,
DefaultWebVPN Group will be the connection profile.—Specifies that the user login page
presents the user with a drop-down menu from which the user can select a particular tunnel
group with which to connect.
–
Allow user to enter internal password on the login page.—Adds an option to input a different
password when accessing internal servers.
–
Shutdown portal login page.—Shows the web page when the login is disabled.
• Connection Profiles—Provides a connection table that shows the records that determine the
connection policy for this connection (tunnel group). Each record identifies a default group policy
for the connection and contains protocol-specific connection parameters.
–
Add—Opens the Add Clientless SSL VPN dialog box for the selected connection.
–
Edit—Opens the Edit Clientless SSL VPN dialog box for the selected connection.
–
Delete—Removes the selected connection from the table. There is no confirmation or undo.
–
Name—The name of the Connection Profile.
–
Enabled—Checkmark when enabled.
–
Aliases—Other names by which the Connection Profile is known.
–
Authentication Method—Specifies which authentication method is used.
–
Group Policy—Shows the default group policy for this Connection Profile.
• Let group URL take precedence if group URL and certificate map match different connection
profiles. Otherwise, the connection profile matches the certificate map will be used.—This option
specifies the relative preference of the group URL and certificate values during the connection
profile selection process. If the ASA fails to match the preferred value specified by the endpoint to
that specified by a connection profile, it chooses the connection profile that matches the other value.
Check this option only if you want to rely on the preference used by many older ASA software
releases to match the group URL specified by the VPN endpoint to the connection profile that
specifies the same group URL. This option is unchecked by default. If it is unchecked, the ASA
prefers to match the certificate field value specified in the connection profile to the field value of the
certificate used by the endpoint to assign the connection profile.
Modes
The following table shows the modes in which this feature is available: