Example 4: Customer C Context Configuration; Example 5: Clientless SSL VPN Configuration - Cisco PIX 500 Series Configuration Manual


Example 4: Customer C Context Configuration

interface gigabitethernet 0/0.153
nameif outside
security-level 0
no shutdown
interface gigabitethernet 0/1.7
nameif inside
security-level 100
no shutdown
passwd fl0wer
enable password treeh0u$e
ip address 10.1.4.1 255.255.255.0
route outside 0 0 10.1.4.2 1
access-list OSPF remark -Allows OSPF
access-list OSPF extended permit 89 any any
access-group OSPF in interface outside
Example 5: Clientless SSL VPN Configuration
This configuration shows the commands needed to create clientless SSL VPN connections to the security appliance.

Clientless SSL VPN lets users establish a secure, remote-access VPN tunnel to the security appliance using a web browser. There is no need for either a software or hardware client. Clientless SSL VPN provides easy access to a broad range of web resources and web-enabled applications from almost any computer that can reach HTTP(S) Internet sites. Clientless SSL VPN uses the Secure Socket Layer protocol and its successor, Transport Layer Security (SSL/TLS), to provide a secure connection between remote users and the specific, supported internal resources that you configure at a central site. The security appliance recognizes connections that need to be proxied, and the HTTP server interacts with the authentication subsystem to authenticate users.
Configure the security appliance for clientless SSL VPN.
Step 1
webvpn
! WebVPN sessions are allowed on the outside and dmz1 interfaces, ASDM is not allowed.
enable outside
enable dmz1
title-color green
secondary-color 200,160,0
text-color black
default-idle-timeout 3600
! The NetBios Name server used for CIFS resolution.
nbns-server 172.31.122.10 master timeout 2 retry 2
accounting-server-group RadiusACS1
! WebVPN sessions are authenticated to a RADIUS aaa server.
authentication-server-group RadiusACS2
Step 2
Clientless SSL VPN access lists are enforced only after they are applied to a group policy or user policy; you apply them with the filter value command in the group or user configuration.
access-list maia2 remark -deny access to url and send a syslog every 300 seconds
access-list maia2 remark -containing the hit-count (how many times the url was accessed)
access-list maia2 webtype deny url https://sales.example.com log informational interval 300
access-list maia2 remark -Permits access to the URL.
access-list maia2 webtype permit url http://employee-connection.example.com
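The webtype access list above is evaluated top to bottom, the first matching entry decides, and a URL that matches nothing falls through to the implicit deny at the end of the list; the deny entry additionally raises a syslog with a hit count every 300 seconds. The following Python script is an added example, not code from the Cisco guide or from the appliance: it parses the maia2 list exactly as written on this page (embedded as constructed input), then evaluates a few constructed request URLs against it the way an administrator would expect the filter to behave. Its matching model is an assumption and deliberately simplified (case-insensitive comparison with a trailing slash ignored and `*` treated as a wildcard; only `url` entries, not `tcp` host/port entries, are modelled), so it is a review aid for an ACL before it is attached with filter value, not a reproduction of the appliance's matcher.

```python
import fnmatch
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the Step 2 webtype access list from the page, copied verbatim.
MAIA2_ACL = """
access-list maia2 remark -deny access to url and send a syslog every 300 seconds
access-list maia2 remark -containing the hit-count (how many times the url was accessed)
access-list maia2 webtype deny url https://sales.example.com log informational interval 300
access-list maia2 remark -Permits access to the URL.
access-list maia2 webtype permit url http://employee-connection.example.com
"""


@dataclass
class WebtypeAce:
    """One access control entry of a webtype access list."""
    action: str                         # "permit" or "deny"
    pattern: str                        # normalized URL pattern; '*' is a wildcard
    log_level: Optional[str] = None     # syslog level when 'log' was given
    log_interval: Optional[int] = None  # seconds between hit-count syslogs


# Assumption: only the 'url' form of a webtype ACE is modelled; 'tcp' entries are ignored.
_ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+webtype\s+(?P<action>permit|deny)\s+url\s+(?P<url>\S+)"
    r"(?:\s+log(?:\s+(?P<level>(?!interval)[a-z]+))?(?:\s+interval\s+(?P<interval>\d+))?)?\s*$"
)
_REMARK_RE = re.compile(r"^access-list\s+\S+\s+remark\b")


def _normalize(url: str) -> str:
    """Case-fold and drop a trailing slash so equivalent URLs compare equal (simplification)."""
    return url.strip().lower().rstrip("/")


def parse_webtype_acl(config: str, name: str) -> List[WebtypeAce]:
    """Return the ACEs of access list `name` in configuration order; remark lines are skipped."""
    aces: List[WebtypeAce] = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or _REMARK_RE.match(line):
            continue
        m = _ACE_RE.match(line)
        if m is None or m.group("name") != name:
            continue
        interval = m.group("interval")
        aces.append(WebtypeAce(
            action=m.group("action"),
            pattern=_normalize(m.group("url")),
            log_level=m.group("level"),
            log_interval=int(interval) if interval else None,
        ))
    return aces


def evaluate_url(aces: List[WebtypeAce], url: str) -> Tuple[str, Optional[WebtypeAce]]:
    """First matching ACE decides; no match means the implicit deny at the end of the list."""
    candidate = _normalize(url)
    for ace in aces:
        if fnmatch.fnmatchcase(candidate, ace.pattern):
            return ace.action, ace
    return "deny", None


def filter_report(config: str, name: str, urls: List[str]) -> List[Tuple[str, str, str]]:
    """Evaluate each URL and explain the outcome as (url, action, reason)."""
    aces = parse_webtype_acl(config, name)
    report = []
    for url in urls:
        action, ace = evaluate_url(aces, url)
        if ace is None:
            reason = "implicit deny (no ACE matched)"
        elif ace.log_level:
            reason = f"ACE '{ace.pattern}', syslog {ace.log_level} every {ace.log_interval}s"
        else:
            reason = f"ACE '{ace.pattern}'"
        report.append((url, action, reason))
    return report


if __name__ == "__main__":
    # Constructed sample requests: a trailing-slash variant, a case variant, and a URL
    # the list never mentions, which shows the implicit deny in action.
    sample = [
        "https://sales.example.com/",
        "HTTPS://Sales.Example.com",
        "http://employee-connection.example.com",
        "http://intranet.example.com/payroll",
    ]
    for url, action, reason in filter_report(MAIA2_ACL, "maia2", sample):
        print(f"{action:6} {url:45} {reason}")
```

Running the script shows why the ordering of the two entries and the implicit deny matter: the sales URL is denied (with its logging parameters reported) regardless of letter case or trailing slash, the employee-connection URL is permitted, and any resource not named in the list is denied even though nothing explicitly says so. Adding a deliberately unlisted URL to the sample set before attaching the list with filter value is a cheap way to confirm that the implicit deny covers what you expect.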
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Appendix B: Sample Configurations, page B-16

This manual is also suitable for: ASA 5500 series