Example 4: Customer C Context Configuration - Cisco FirePOWER ASA 5500 series Configuration Manual

Example 4: Customer C Context Configuration

interface gigabitethernet 0/0.153
nameif outside
security-level 0
no shutdown
interface gigabitethernet 0/1.7
nameif inside
security-level 100
no shutdown
passwd fl0wer
enable password treeh0u$e
ip address 10.1.4.1 255.255.255.0
route outside 0 0 10.1.4.2 1
access-list OSPF remark -Allows OSPF
access-list OSPF extended permit 89 any any
access-group OSPF in interface outside
Example 5: WebVPN Configuration
This configuration shows the commands needed to create WebVPN connections to the security
appliance.
WebVPN lets users establish a secure, remote-access VPN tunnel to the security appliance using a web
browser. There is no need for either a software or hardware client. WebVPN provides easy access to a
broad range of web resources and web-enabled applications from almost any computer that can reach
HTTP(S) Internet sites. WebVPN uses Secure Socket Layer Protocol and its successor, Transport Layer
Security (SSL/TLS) to provide a secure connection between remote users and specific, supported
internal resources that you configure at a central site. The security appliance recognizes connections that
need to be proxied, and the HTTP server interacts with the authentication subsystem to authenticate
users.
Step 1 Configure the security appliance for WebVPN.
webvpn
! WebVPN sessions are allowed on the outside and dmz1 interfaces, ASDM is not allowed.
enable outside
enable dmz1
title-color green
secondary-color 200,160,0
text-color black
default-idle-timeout 3600
! The NetBios Name server used for CIFS resolution.
nbns-server 172.31.122.10 master timeout 2 retry 2
accounting-server-group RadiusACS1
! WebVPN sessions are authenticated to a RADIUS aaa server.
authentication-server-group RadiusACS2
Step 2 You must enable WebVPN access lists to be enforced on a group-policy or user policy. The access lists
are defined with the filter value and functions commands in the group or user configuration.
access-list maia2 remark -deny access to url and send a syslog every 300 seconds
access-list maia2 remark -containing the hit-count (how many times the url was accessed)
access-list maia2 webtype deny url https://sales.example.com log informational interval 300
access-list maia2 remark -Permits access to the URL.
access-list maia2 webtype permit url http://employee-connection.example.com
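To see how the ordered webtype access list above behaves, here is an added Python example (not code from the Cisco guide) that parses the maia2 entries, applies first-match evaluation with the implicit deny at the end of the list, and simulates the per-interval hit-count syslog the remark describes; the URL-prefix matching rule and the syslog line format are assumptions of the example, not the ASA's own.

```python
import re
from dataclasses import dataclass
# Webtype ACE syntax as it appears in the sample above:
#   access-list NAME webtype {deny|permit} url URL [log LEVEL interval SECONDS]
ACE_RE = re.compile(
    r"^access-list (?P<name>\S+) webtype (?P<action>permit|deny) url (?P<url>\S+)"
    r"(?: log (?P<level>\S+) interval (?P<interval>\d+))?$"
)

# Constructed input: the maia2 access list from the page, with the wrapped line rejoined.
CONFIG = """\
access-list maia2 remark -deny access to url and send a syslog every 300 seconds
access-list maia2 webtype deny url https://sales.example.com log informational interval 300
access-list maia2 remark -Permits access to the URL.
access-list maia2 webtype permit url http://employee-connection.example.com
"""

@dataclass
class Ace:
    action: str
    url: str
    level: str = ""                  # syslog level when "log" is present, else ""
    interval: int = 0                # seconds between hit-count syslogs
    hits: int = 0                    # hits since the last syslog
    last_log: float = float("-inf")  # time of the last syslog

def parse_webtype_acl(text, name):
    """Return the webtype ACEs of access list `name` in order; remarks are skipped."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m["name"] == name:
            aces.append(Ace(m["action"], m["url"], m["level"] or "", int(m["interval"] or 0)))
    return aces

def evaluate(aces, url, now, syslog):
    """First matching ACE decides; no match falls through to the implicit deny. A logging
    ACE counts hits and appends one syslog line (constructed format) per interval."""
    for ace in aces:
        # Assumption for this example: an ACE URL matches itself and any path beneath it.
        if url != ace.url and not url.startswith(ace.url.rstrip("/") + "/"):
            continue
        if ace.level:
            ace.hits += 1
            if now - ace.last_log >= ace.interval:
                syslog.append(f"%{ace.level.upper()}: {ace.action} {ace.url} hit-cnt {ace.hits}")
                ace.last_log, ace.hits = now, 0
        return ace.action
    return "deny"
```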
Cisco Security Appliance Command Line Configuration Guide, Appendix B Sample Configurations, page B-16, OL-10088-01