Chapter 9
Scenario: SSL VPN Clientless Connections
Information to Have Available
Starting ASDM
78-18003-02
Before you begin configuring the adaptive security appliance to accept remote
access IPsec VPN connections, make sure that you have the following
information available:
Name of the interface on the adaptive security appliance to which remote
•
users will connect. When remote users connect to this interface, the SSL VPN
Portal Page is displayed.
Digital certificate
•
The ASA 5505 generates a self-signed certificate by default. For improved
security and to eliminate browser warning messages, you may want to
purchase a publicly trusted SSL VPN certificate before putting the system in
a production environment.
List of users to be used in creating a local authentication database, unless you
•
are using a AAA server for authentication.
If you are using a AAA server for authentication, the AAA Server Group
•
Name
•
The following information about group policies on the AAA server:
Server group name
–
Authentication protocol to be used (TACACS, SDI, NT, Kerberos,
–
LDAP)
IP address of the AAA server
–
Interface of the adaptive security appliance to be used for authentication
–
Secret key to authenticate with the AAA server
–
List of internal websites or pages you want to appear on the SSL VPN portal
•
page when remote users establish a connection. Because this is the page users
see when they first establish a connection, it should contain the most
frequently used targets for remote users.
This section describes how to start ASDM using the ASDM Launcher software.
If you have not installed the ASDM Launcher software, see Installing the ASDM
Launcher, page 5-5.
Implementing the Clientless SSL VPN Scenario
ASA 5505 Getting Started Guide
9-5