Try to customize login page for ASA 5505 SSL - VPN

Nice day

I'm looking for help to customize the login page for the ssl - vpn as mentioned. When the vpn is configured, the default template allows my customers to connect with this: IMAGE 1

While trying to change the login page, I have to create a new customization without CLIENT SSL VPN ACCESS-> PORTAL-> CUSTOMIZATION file in the ASDM. When I do this and I'm trying to change the login page, it comes up with 2 forms of authentication and a fast internal password like this: IMAGE 2

How can I change the login page, I created so that users only see the fields username and password for regular as the default template?

Thank you all for your time and assistance

Joel

Hi Joel,

What you see is just the preview, right?

Preview displays the purpose of customization, since the password internal and the second authentication controls are the features that are activated in different parts of the configuration.

WebVPN

allow outside

internal-password enable

attributes global-tunnel-group DefaultWEBVPNGroup

secondary-authentication-server-group second_authentication_server

INFO: This command applies only to the SSL VPN - Clientless and AnyConnect.

So I recommend to assign this object of customization to a group policy and test access to the content of the specific connection profile.

Thank you.

Portu.

Please note all useful posts

Tags: Cisco Security

Similar Questions

ASA 5505 SSL VPN license update

Hi all.

Our ASA 5505 with DATABASE default license allowing only 10 simultaneous vpn sessions (including 2 Anyconnect + IPsec). attached a TXT file with the license information. This Firewall is's use only for vpn access, and we less vpn tunnel vpn IPSec-L2L, anyconnect client SSL and IPSec client access configurations vpn to the top and race walk,.

We are in terms of upgrading vpn license to archive IPSec 10 and 10 Anyconnect and 1 anyconect mobile VPN sessions in time. so my questions are;

1. can I buy "ASA5500-SSL-10 =" accounting and to upgrade our ASA 5505 without having to buy "L-ASA5505-SEC-PL =" license of pus of security.

2. asa use to upgrade only Anyconnect SSL vpn license while keeping 10 vpn IPSec comes with the base license.

Thank you & you expects value comment

Thank you

JCK

1. Yes.

2.Yes.

If you want to keep Clientless SSL VPN you do not want to continue with the addition of the ASA5500-SSL-10 = part. If you can do without client (including the conversion the two existing ones), more economically, you can opt for Security Plus and AnyConnect Essentials licenses. (US$ 800 vs price $1250).

In both cases, the Mobile requires the AnyConnect Mobile (ASA-AC-M-5505) license.

Login page for MUSE

I am using Muse and would like a login page for one of my pages with sensitive information, it could be the catalyst for the company, but did not. I would like to help this because I did a front login page. I know that there is YouTubes, but nothing with Muse.

Hello

Please see suggestions in the forum link below.

Re: Can I create a login/password in the Muse for a HTML5 page or two?

You can also use the Widget in the link below.

Password protect Pages Widget for Adobe Muse

Concerning

Vivek

ASA 5520 - SSL VPN (Anyconnect) licenses

Hello

Can someone clarify for me the SSL VPN/AnyConnect for the ASA 5520 license? Specifically, the differences between the AnyConnect Essentials and AnyConnect Premium. Our current license looks like this:

The devices allowed for this platform:
The maximum physical Interfaces: unlimited
VLAN maximum: 150
Internal hosts: unlimited
Failover: Active/active
VPN - A: enabled
VPN-3DES-AES: enabled
Security contexts: 2
GTP/GPRS: disabled
SSL VPN peers: 2
Total of the VPN peers: 750
Sharing license: disabled
AnyConnect for Mobile: disabled
AnyConnect Cisco VPN phone: disabled
AnyConnect Essentials: disabled
Assessment of Advanced endpoint: disabled
Proxy sessions for the UC phone: 2
Total number of Sessions of Proxy UC: 2
Botnet traffic filter: disabled

This platform includes an ASA 5520 VPN Plus license.

I guess that means that we have just the 2 'free trial' SSL VPN licenses and nothing else.

I would like to add 25 or maybe 50 SSL VPN licenses and be able to use a combination of full free client, thin client and groups client AnyConnect. The 'ASA5500-SSL-25' (or 50) would be the correct license I need to buy?

Thank you

Rob

Hello

The essentials license is per device and does not allow full-tunnel.

If you need other features like Secure Desktop, without client SSL and other optional features such as shared licenses, you must go to the Premium license.

http://www.Cisco.com/en/us/prod/collateral/vpndevc/ps6032/ps6094/ps6120/data_sheet_c78-527494_ps10884_Products_Data_Sheet.html

Federico.

licenses for ASA 5505, site-to-site vpn

Hi, gang,

I've not worked on ASA for a few years, so a little rusty on the issuance of licenses. my client has 5 locations, a few computers at each location. 4 tunnels vpn site-to-site will be implemented, so that 1 Server @ main location of accounting is accessible from other. simple configuration. I wonder if I have to purchase additional licenses? This is the part number of the device that I'm aiming for:

ASA5505-BUN-K9
Cisco ASA 5505 Adaptive Security Appliance 8 ports Fast Ethernet Switch with 10 user licenses

Thank you!

Jonathan

Your license for the VPN is perfectly fine as the Base license supports 10 VPN-peers. The 10 user license is what could restrict more.

And if the 5505 is not yet bought, go directly to the ASA 5506 - X as the 5505 is a legacy device and will probably go little EOS.

Impossible to disable Easy VPN remote for ASA 5505 6.4 AMPS

When installing ASA 5505, we chose Easy VPN remote. Now, we want to turn it off. We go to Configuration in ASDM > remote access VPN > Easy VPN remote and try to clear the checkbox enable Easy VPN remote, but it will not uncheck. How can we disable it?

ASDM, go in tools--> command line Interface...--> and then enter 'without activating vpnclient'--> the button 'send '.

Which will disable the Easy VPN remote on the SAA.

Hope that helps.

How to develop a login page for my application

I am new to Oracle ADF. AM to develop a simple web application, but I want to integrate a login page that a user can access the home page. How do I get there?

Read this article http://www.oracle.com/technetwork/issue-archive/2012/12-jan/o12adf-1364748.html

Timo

Need SSL for ASA 5505 10 license with basic license - security plus license is necessary?

A salesman told me that one of my clients needs an upgrade to a security plus license before he can ask 10 SSL VPN licenses. I travelled the Cisco's Web site and could not find anything about it either, saying that. Nobody knows what it takes to go? Thank you.

I never installed them on a non - ASA SecPlus, but the documentation clearly indicates that it is supported:

http://www.Cisco.com/en/us/docs/security/ASA/asa84/license/license_management/license.html#wp2141762

--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni

ASA 5505 ASDM VPN connection problem

Hello

We are running a version of firewall ASA 5505 8.4 (4) 1. The ASDM version is 6.4 (9).

The problem is when the creation of remote access VPN connection, it works fine for about 2-3 days.

After that, the VPN client cannot connect more and gives the error code 789.

In this case, the VPN clients are clients of Windows 7 from different remote networks with the same problem scenario.

Windows 8.1 clients cannot connect at all and show the same error code...

All connections go through the keys defaultragroup and preshare match on both sides.

When the user to connect attemps I receive the following text in the log of the ASDM:

6 April 10, 2015 10:52:39 group = DefaultL2LGroup, IP = 5.240.31.116, P1 retransmit msg sent to the WSF MM

5 April 10, 2015 10:52:39 group = DefaultL2LGroup, IP = 5.240.31.116, in double Phase 1 detected package. Retransmit the last packet.

5 April 10, 2015 10:53:03 IP = 5.240.31.116, encrypted packet received with any HIS correspondent, drop

When I implemented the remote login through ASDM I followed the instructions according to the following link:

http://www.databasemart.com/HOWTO/Cisco_VPN_Remote_Access_Setup_ASA5500...

The steps were a little different, but almost the same, given that these instructions show an old version

I'm interested in trying the steps according to this link but not sure this will help me solve the problem id:

http://www.petenetlive.com/kb/article/0000571.htm

Any help would be appreciated!

Thank you

Hello

If you use local authentication (user name and password on the SAA), so why you would need this threshold?

tunnel-group DefaultRAGroup ppp-attributes
No chap authentication
ms-chap-v2 authentication
!

Remove it and try.

ASA 5505 IPSEC VPN connected but cannot access the local network

ASA: 8.2.5

ASDM: 6.4.5

LAN: 10.1.0.0/22

Pool VPN: 172.16.10.0/24

Hi, we purcahsed a new ASA 5505 and try to configure IPSEC VPN via ASDM; I simply run the wizards, installation vpnpool, split tunnelling, etc.

I can connect to the ASA using the cisco VPN client and internet works fine on the local PC, but it can not access the local network (can not impossible. ping remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile, I created worked very well.

Here is my setup, wrong set up anything?

ASA Version 8.2 (5)

!

hostname asatest

domain XXX.com

activate 8Fw1QFqthX2n4uD3 encrypted password

g9NiG6oUPjkYrHNt encrypted passwd

names of

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

IP 10.1.1.253 255.255.252.0

!

interface Vlan2

nameif outside

security-level 0

address IP XXX.XXX.XXX.XXX 255.255.255.240

!

passive FTP mode

clock timezone PST - 8

clock summer-time recurring PDT

DNS server-group DefaultDNS

domain vff.com

vpntest_splitTunnelAcl list standard access allowed 10.1.0.0 255.255.252.0

access extensive list ip 10.1.0.0 inside_nat0_outbound allow 255.255.252.0 172.16.10.0 255.255.255.0

pager lines 24

Enable logging

timestamp of the record

logging trap warnings

asdm of logging of information

logging - the id of the device hostname

host of logging inside the 10.1.1.230

Within 1500 MTU

Outside 1500 MTU

IP local pool 172.16.10.1 - 172.16.10.254 mask 255.255.255.0 vpnpool

no failover

ICMP unreachable rate-limit 1 burst-size 1

don't allow no asdm history

ARP timeout 14400

Global 1 interface (outside)

NAT (inside) 0-list of access inside_nat0_outbound

NAT (inside) 1 0.0.0.0 0.0.0.0

Route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Floating conn timeout 0:00:00

dynamic-access-policy-registration DfltAccessPolicy

AAA-server protocol nt AD

AAA-server host 10.1.1.108 AD (inside)

NT-auth-domain controller 10.1.1.108

Enable http server

http 10.1.0.0 255.255.252.0 inside

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown cold start

Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

life crypto ipsec security association seconds 28800

Crypto ipsec kilobytes of life - safety 4608000 association

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

outside_map interface card crypto outside

crypto ISAKMP allow outside

crypto ISAKMP policy 10

preshared authentication

3des encryption

sha hash

Group 2

life 86400

Telnet timeout 5

SSH 10.1.0.0 255.255.252.0 inside

SSH timeout 20

Console timeout 0

dhcpd outside auto_config

!

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

WebVPN

internal group vpntest strategy

Group vpntest policy attributes

value of 10.1.1.108 WINS server

Server DNS 10.1.1.108 value

Protocol-tunnel-VPN IPSec l2tp ipsec

disable the password-storage

disable the IP-comp

Re-xauth disable

disable the PFS

IPSec-udp disable

IPSec-udp-port 10000

Split-tunnel-policy tunnelspecified

value of Split-tunnel-network-list vpntest_splitTunnelAcl

value by default-domain XXX.com

disable the split-tunnel-all dns

Dungeon-client-config backup servers

the address value vpnpool pools

admin WeiepwREwT66BhE9 encrypted privilege 15 password username

username user5 encrypted password privilege 5 yIWniWfceAUz1sUb

the encrypted password privilege 3 umNHhJnO7McrLxNQ util_3 username

tunnel-group vpntest type remote access

tunnel-group vpntest General attributes

address vpnpool pool

authentication-server-group AD

authentication-server-group (inside) AD

Group Policy - by default-vpntest

band-Kingdom

vpntest group tunnel ipsec-attributes

pre-shared-key BEKey123456

NOCHECK Peer-id-validate

!

!

privilege level 3 mode exec cmd command perfmon

privilege level 3 mode exec cmd ping command

mode privileged exec command cmd level 3

logging of the privilege level 3 mode exec cmd commands

privilege level 3 exec command failover mode cmd

privilege level 3 mode exec command packet cmd - draw

privilege show import at the level 5 exec mode command

privilege level 5 see fashion exec running-config command

order of privilege show level 3 exec mode reload

privilege level 3 exec mode control fashion show

privilege see the level 3 exec firewall command mode

privilege see the level 3 exec mode command ASP.

processor mode privileged exec command to see the level 3

privilege command shell see the level 3 exec mode

privilege show level 3 exec command clock mode

privilege exec mode level 3 dns-hosts command show

privilege see the level 3 exec command access-list mode

logging of orders privilege see the level 3 exec mode

privilege, level 3 see the exec command mode vlan

privilege show level 3 exec command ip mode

privilege, level 3 see fashion exec command ipv6

privilege, level 3 see the exec command failover mode

privilege, level 3 see fashion exec command asdm

exec mode privilege see the level 3 command arp

command routing privilege see the level 3 exec mode

privilege, level 3 see fashion exec command ospf

privilege, level 3 see the exec command in aaa-server mode

AAA mode privileged exec command to see the level 3

privilege, level 3 see fashion exec command eigrp

privilege see the level 3 exec mode command crypto

privilege, level 3 see fashion exec command vpn-sessiondb

privilege level 3 exec mode command ssh show

privilege, level 3 see fashion exec command dhcpd

privilege, level 3 see the vpnclient command exec mode

privilege, level 3 see fashion exec command vpn

privilege level see the 3 blocks from exec mode command

privilege, level 3 see fashion exec command wccp

privilege see the level 3 exec command mode dynamic filters

privilege, level 3 see the exec command in webvpn mode

privilege control module see the level 3 exec mode

privilege, level 3 see fashion exec command uauth

privilege see the level 3 exec command compression mode

level 3 for the show privilege mode configure the command interface

level 3 for the show privilege mode set clock command

level 3 for the show privilege mode configure the access-list command

level 3 for the show privilege mode set up the registration of the order

level 3 for the show privilege mode configure ip command

level 3 for the show privilege mode configure command failover

level 5 mode see the privilege set up command asdm

level 3 for the show privilege mode configure arp command

level 3 for the show privilege mode configure the command routing

level 3 for the show privilege mode configure aaa-order server

level mode 3 privilege see the command configure aaa

level 3 for the show privilege mode configure command crypto

level 3 for the show privilege mode configure ssh command

level 3 for the show privilege mode configure command dhcpd

level 5 mode see the privilege set privilege to command

privilege level clear 3 mode exec command dns host

logging of the privilege clear level 3 exec mode commands

clear level 3 arp command mode privileged exec

AAA-server of privilege clear level 3 exec mode command

privilege clear level 3 exec mode command crypto

privilege clear level 3 exec command mode dynamic filters

level 3 for the privilege cmd mode configure command failover

clear level 3 privilege mode set the logging of command

privilege mode clear level 3 Configure arp command

clear level 3 privilege mode configure command crypto

clear level 3 privilege mode configure aaa-order server

context of prompt hostname

no remote anonymous reporting call

Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4

: end

Captures we can see packets going from the pool to the internal LAN, but we do not reply back packages.

The routing must be such that for 172.16.10.0/24 packages should reach the inside interface of the ASA.

On client machines or your internal LAN switch, you need to add route for 172.16.10.0/24 pointing to the inside interface of the ASA.

ASA 5505 ipsec vpn connection fails

Hello

I'm trying to configure a Cisco ASA 5505 for Remote Clients.

I use the ASDM interface and used assistants start and ipsec for my setup, but im hit a stumbling block.

To last make it work 2 days I have tried a number of configuration changes to try to make this work but didn't, so I did a factory reset and passed by the assistants, once again, I have a clean Setup that I hope someone can help me.

Currently I have an IP public static 81.137.x.x and I use a Netgear ADSL router, which transfers (UDP 500) VPN traffic to 192.168.171.35 (port wan on the ASA 5505).

The Cisco ASA has a default address of 192.168.1.1

I use the Cisco Client 5.0.06.0160.

I have configured the client to use authentication group with the same credentials as configuration through the wizard and im using Transparent Tunneling IPSec over UDP.

I have attached 2 documents

running_config.txt - what is shows the current configuration of ASA

Journal - View.txt - display of error messages displayed in the real-time log viewer when I try to connect from the remote client.

I'm not sure if I need to do on the other that additional configurations for my setup simply run the wizards.

Any help would be appreciated.

Thank you

Hello Philippe,

According to the lines in the journal, there is a problem of routing for ip vpn applicant address. ASA couldn't find the definition of route suitable for the return traffic. Add a default route to unknown destinations could solve this problem. As I see you are using modem netgear as a default gateway for your ASA. I write example of command line for this purpose.

Route outside 0.0.0.0 0.0.0.0 NetGear_LAN_IP_Address 1

Ufuk Güler

Cisco ASA 5505 remote VPN access to the local network

I have installed two ASA 5505 VPN site to site that works perfectly. Now, I also need to have 1 customer site to remote access VPN with Cisco VPN dialer. I can get the VPN dialer to connect the VPN and get a VPN IP address, but I do not have access to the remote network. can someone take a look and see what I'm missing? I have attached the ASA running config.

Apologize for the misunderstanding.

To access the remote vpn client 10.10.100.x subnet, the vpn-filter ACL is the opposite.

Please please share the following ACL:

FROM: / * Style Definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-marge-haut : 0 cm ; mso-para-marge-droit : 0 cm ; mso-para-marge-bas : 10.0pt ; mso-para-marge-gauche : 0 cm ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}

outside_cryptomapVPN list of allowed ip extended access any 10.10.20.0 255.255.255.224

TO:

/ * Style definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-marge-haut : 0 cm ; mso-para-marge-droit : 0 cm ; mso-para-marge-bas : 10.0pt ; mso-para-marge-gauche : 0 cm ; ligne-hauteur : 115 % ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}

outside_cryptomapVPN to access extended list ip 10.10.20.0 allow 255.255.255.224 all

Hope that helps.

ASA 5520: SSL VPN by using a different IP address that the ASA public IP address

Hi guys,.

I'm trying to configure an SSL VPN on a Cisco ASA5520.

Unfortunately port 443 interface OUTSIDE of the SAA is already used by Microsoft Outlook Web Access and I can not change the configuration of Outlook. This configuration already in place allows me to use the public IP address of the ASA as IP Cisco VPN for the Web page.

I don't not want to use a different port so to keep life easy for users.

I have a few available public IPs that I can use so I wanted to use one of them instead of the OUTSIDE of the ASA interface. Any idea how I could do?

Thank you

Dario

Unfortunately you can not use any other public ip address, except the ASA outside IP interface to complete the SSL VPN.

The only options that you have is to change the Outlook to use another port or the SSL VPN to use a different port.

Cisco ASA AnyConnect SSL VPN - certificates + token?

Hello

I'm looking for an answer is it possible such configuration:

The Cisco AnyConnect SSL VPN service with two-factor - first method is the Microsoft CA certificate local and second method - a token solution Symantec VIP password?

I don't know if two-factor authentication is user/password from Active Directory + OTP by Symantec VIP there is no problem, because you can send the user + pass with Radius, but with certificates I do not really understand who will check the validity of the certificate, which certificate, we will send you to the RADIUS for the validation server and how the configuration of the point of view of ASA will look like.

Thank you very much for the help!

Hi Alex,

I don't see a problem with having certificate + token to connect to the VPN. Certificate authentication must be performed on the SAA, see an example below:

https://supportforums.Cisco.com/blog/152941/AnyConnect-certificate-based-authentication

Authentication token can be specified as primary/secondary (authentication SDI) on the SAA, an example below:

http://www.Cisco.com/c/en/us/TD/docs/security/vpn_client/AnyConnect/anyconnect31/Administration/Guide/anyconnectadmin31/ac11authenticate.html#pgfId-1060345

It may be useful

-Randy-

ASA 5510 - SSL VPN without CLIENT - remote desktop

Is it possible to make a desktop connection remote clientless SSL VPN with a browser? I know that I can do with client anyconnect SSL but I can do without a customer?

Yes it is possible, you must first make sure that you have transferred to the ASA RDP plugin. When you are editing you bookmarks, you will see an option for RDP.

Try to customize login page for ASA 5505 SSL - VPN

Similar Questions

Maybe you are looking for