Chapter 11
Scenario: SSL VPN Clientless Connections
Information to Have Available
78-19186-01
Before you begin configuring the adaptive security appliance to accept remote
access IPsec VPN connections, make sure that you have the following information
available:
• Name of the interface on the adaptive security appliance to which remote users will connect. When remote users connect to this interface, the SSL VPN Portal Page is displayed.
• Digital certificate
  The ASA 5500 series generates a self-signed certificate by default. For improved security and to eliminate browser warning messages, you may want to purchase a publicly trusted SSL VPN certificate before putting the system in a production environment.
• List of users to be used in creating a local authentication database, unless you are using a AAA server for authentication.
• If you are using a AAA server for authentication, the AAA Server Group Name
• The following information about group policies on the AAA server:
  – Server group name
  – Authentication protocol to be used (TACACS, SDI, NT, Kerberos, LDAP)
  – IP address of the AAA server
  – Interface of the adaptive security appliance to be used for authentication
  – Secret key to authenticate with the AAA server
• List of internal websites or pages you want to appear on the SSL VPN portal page when remote users establish a connection. Because this is the page users see when they first establish a connection, it should contain the most frequently used targets for remote users.
Implementing the Clientless SSL VPN Scenario
Cisco ASA 5500 Series Getting Started Guide