Web portal VPN ASA - where is the setup?

Hello

ASA 8.2.2, I set up a web portal with bookmarks using ASDM. I wanted to check what it looks like in the CLI, and found nothing in the configuration. In the documentation I found:

"Since the WebVPN customizations are not saved in the running configuration, a typical write erase, reload sequence does not erase the customizations or webcontents from the ASA. You must explicitly issue revert webvpn commands or manually remove the customizations from ASDM."

Where is this configuration and how can I move it on other ASA using CLI?

Thanx

Hi, Webvpn bookmarks are stored in flash as models.

You can see some information here:

http://www.Cisco.com/en/us/docs/security/ASA/asa82/configuration/guide/WebVPN.html#wp1166489

You can export these files using CLI by typing the command "export webvpn XX".

If you enable the option to preview commands before sending them in ASDM, you will see that it just generates a file and then imports it to the ASA.

I guess you can use the 'more' command to show files that must be stored in flash.
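
Moving a bookmark list to another ASA with the export/import commands mentioned above, as an added example that is not part of the original thread. The names Example_Bookmarks, Example_Portal and Example_GP and the TFTP server 192.0.2.10 are placeholders, and the group policy is assumed to exist already.

```cisco
! Constructed session; all names and addresses are placeholders.
! --- Source ASA: bookmark lists live in flash, not in the running configuration ---
show import webvpn url-list
export webvpn url-list Example_Bookmarks tftp://192.0.2.10/Example_Bookmarks.xml
! Portal customization objects are exported the same way
export webvpn customization Example_Portal tftp://192.0.2.10/Example_Portal.xml

! --- Destination ASA ---
import webvpn url-list Example_Bookmarks tftp://192.0.2.10/Example_Bookmarks.xml
import webvpn customization Example_Portal tftp://192.0.2.10/Example_Portal.xml
show import webvpn url-list
! Only the reference to the list appears in the running configuration
configure terminal
 group-policy Example_GP attributes
  webvpn
   url-list value Example_Bookmarks
 end

! --- Decommissioning a unit: "write erase" leaves these objects in flash ---
revert webvpn url-list Example_Bookmarks
revert webvpn customization Example_Portal
! or remove every imported WebVPN object at once
revert webvpn all
```

The exported XML lists internal URLs and TFTP is unauthenticated cleartext, so run the transfer over a management network and delete the files from the server afterwards.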

Tags: Cisco Security

Similar Questions

  • 9.1 ASA + ACS 5.4 SSL Web portal bookmarks according to the AD group.

    Hello.

    Having some problems with ssl vpn on ASA 5515-X.

    I have an ASA (9.1) with the clientless SSL web portal connected to ACS (5.4), and the AnyConnect mobile client set up. ACS also has a connection to Active Directory.

    So it is set up so that AD group users, for example VPN_clients, connect via the AnyConnect client or clientless via the SSL web page. And it works very well.

    My goal is to make different SSL portal bookmarks (in terms of different ASA group policies) according to the user's AD group.

    For example: I have 3 groups in AD: VPN_admin, VPN_Finance, VPN_Logistic. I want that the users in the group after authentication to SSL web portal would see only their own bookmarks available only for their group.

    As I understand, during the authentication process ACS must tell the ASA which AD groups the user belongs to, and the ASA should choose the right group policy for the user, but I have no experience how to do that?

    Hello Ivan,

    You're right, ACS can tell the ASA what group policy to assign based on RADIUS attribute 25.

    Steps on the ACS:

    1. Define the AD groups:

    2. Set the authorization profile under the Policy Elements tab:

    3. Create the access policy and authorization criteria:

    Then, on the ASA:

    1. Create a group policy and name it.

    2. Through the ASDM, create and assign bookmarks to this group policy.

    3. Once a user authenticates, the ACS sends attribute 25, which contains the string 'OU=IT'.

    4. The ASA looks up the group policy IT and assigns it to the user's session.

    Let me know if you have any questions.

    HTH.

    Please note all useful messages.
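
    The ASA side of the steps above for one of the AD groups from the question, as an added example that is not part of the original reply. The server name ACS, the address 192.0.2.20, Finance_Bookmarks, NOACCESS and ClientlessPortal are placeholders; only VPN_Finance comes from the thread.

    ```cisco
    ! Constructed example for ASA 9.1; names and addresses are placeholders.
    aaa-server ACS protocol radius
    aaa-server ACS (inside) host 192.0.2.20
     key <shared-secret>
    !
    ! One group policy per AD group. Its name must match the value after "OU="
    ! in RADIUS attribute 25 (Class), e.g. ACS returns Class = "OU=VPN_Finance;"
    group-policy VPN_Finance internal
    group-policy VPN_Finance attributes
     vpn-tunnel-protocol ssl-clientless
     webvpn
      url-list value Finance_Bookmarks
    !
    ! Fallback policy for users for whom ACS returns no matching Class value:
    ! zero simultaneous logins means the session is refused.
    group-policy NOACCESS internal
    group-policy NOACCESS attributes
     vpn-simultaneous-logins 0
    !
    tunnel-group ClientlessPortal type remote-access
    tunnel-group ClientlessPortal general-attributes
     authentication-server-group ACS
     default-group-policy NOACCESS
    ```

    With the default group policy set to deny, a user who authenticates but is in none of the mapped AD groups gets no portal at all instead of inheriting someone else's bookmarks.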

  • possible redirect Web SSL VPN to another external ip?

    Hi, it is possible to redirect the web ssl vpn to another external ip of my external range or could I do not use the external interface?

    For example:

    ASA outside: 213.23.4.50 (https://213.23.4.50)

    Redirect outside: 213.23.4.51 (https://213.23.4.51)

    Same question for redirecting the VPN client to an external IP address other than the outside IP of the ASA.

    Regards

    Jason

    Jason,

    Pretty easy

    BSNs-ASA5520-10(config)# webvpn
    BSNs-ASA5520-10(config-webvpn)# port ?

    webvpn mode commands/options:
      <1-65535>  The WebVPN server's SSL listening port. TCP port 443 is the default.

    Please note however that your users will use

    https://my.domain.tld:port

    to connect... even for clientless and SVC.

    Marcin

  • Limiting who can access the Web portal

    Is it possible to put a restriction on who may and may not access the web portal? I work in a doctors' office. I want doctors to be able to access their terminal server sessions from home, but I don't want the office staff to have the opportunity to do so. Anyone know how I would go about setting up these restrictions? I am running Version 7.6

    Make two Managed Applications.

    Make two AD groups, one for physicians and one for everyone else.

    Assign each group to a different Managed Application.

    Set a target device address for the subnet of the office IP range and apply this to the Managed Application for office staff.

    Now, when connecting, doctors get their own icon from any network they are on, and the office staff only get an icon on the company network.

    -Greg

  • Calendar of Outlook synchronization to blackBerry Smartphones when accessed through a web portal

    Can someone point me in the right direction?  I'm giving one of my Blackberry users the ability to synchronize its calendar of his laptop computer.  He can access his Outlook calendar through a web portal to our secure network.  This software has the capacity or is anyone know what software would do?  I don't see that as an option when you set up the software.  Because Outlook is not really run on his laptop computer

    Thanks in advance.

    Well, it isn't really a problem with Outlook.  You seem very friendly.  They access their calendar/tasks and messaging via a web portal as a result of the fire walls, we have in place.

    However, I did more research on my own here and found that Blackberry Professional Software offers wireless calendar synchronization and which seems to be a good resolution.

  • Unable to connect to the site Web SSL VPN with firewall zone configured

    I recently upgraded my company's 2911 and set up a zone-based firewall.  This is my first experience with this and I used Cisco Configuration Professional to build the configuration of the firewall first and then edited the names to make it readable by humans.  The only problem I can't solve is reaching the SSL VPN website from outside.  I can browse to the website and connect without problem from the inside, and while that was useful to verify that the routing and the site work properly, it is really not what I.  I don't get anything in syslog for drops by the firewall, or for any other reason, but packet captures show that no response is received when you try to browse to the website from outside.  I am currently using an IPsec VPN client solution until I can get this to work and have no problem with it.  I have attached a sanitized configuration with the relevant lines included (deleted ~400 lines including logging, many inspections on in-zone to in-zone traffic, and the IPsec VPN, which I already mentioned).  I searched for anything about this problem and no one seems to have a problem connecting to their website, just getting other features to work correctly.  All thoughts are welcome.

    See the security box

    area to area

    Members of Interfaces:

    GigabitEthernet0/0.15

    GigabitEthernet0/0.30

    GigabitEthernet0/0.35

    GigabitEthernet0/0.45

    area outside zone

    Members of Interfaces:

    GigabitEthernet0/1

    sslvpn area area

    Members of Interfaces:

    Virtual-Template1

    SSLVPN-VIF0

    I tried changing the zone membership on interface Virtual-Template1 to the outside zone; nothing helps.

    See the pair area security

    Name of the pair area SSLVPN - AUX-in

    Source-Zone sslvpn-area-zone of Destination in the area

    Service-SSLVPN-AUX-IN-POLICY

    Name of the pair area IN SSLVPN

    Source-Zone in the Destination zone sslvpn-zone

    service-policy IN SSLVPN-POLICY

    Name of the pair area SELF SSLVPN

    Source-Zone sslvpn-area free-zone Destination schedule

    Service-SELF-to-SSLVPN-POLICY

    Zone-pair name IN-> AUTO

    Source-Zone in the Destination zone auto

    Service-IN-to-SELF-POLICY policy

    Name of the pair IN-> IN box

    In the Destination area source-Zone in the area

    service-policy IN IN-POLICY

    Zone-pair name SELF-> OUT

    Source-Zone auto zone of Destination outside the area

    Service-SELF-AUX-OUT-POLICY

    Name of the pair OUT zone-> AUTO

    Source-Zone out-area Destination-area auto

    Service-OUT-to-SELF-POLICY

    Zone-pair name IN-> OUT

    Source-Zone in the Destination area outside zone

    service-strategy ALLOW-ALL

    The pair OUT zone name-> IN

    Source-out-zone-time zone time Zone of Destination in the area

    Service-OUT-to-IN-POLICY

    Name of the pair area SSLVPN-to-SELF

    Source-Zone-Zone of sslvpn-area auto

    Service-SSLVPN-FOR-SELF-POLICY

    I also tried adding a zone pair from the outside zone to sslvpn-zone passing all traffic, and it doesn't change anything.

    The area of networks

    G0/0.15

    172.16.0.1/26

    G0/0.30

    172.16.0.65/26

    G0/0.35

    172.16.0.129/25

    G0/0.45

    172.18.0.1/28

    Pool of SSL VPN

    172.20.0.1 - 172.20.0.14

    Latest Version of IOS:

    Cisco IOS software, software C2900 (C2900-UNIVERSALK9-M), Version 15.0 (1) M10, RELEASE SOFTWARE (fc1)

    Glad it works now. Weird issue, no doubt.

    I guess the deployment guide said that the firewall will not support TCP inspection to the self zone; however, nested class maps are used to accomplish this. To be completely honest, I think it's a mess, and the best thing to do is use the pass action to self for the protocols that you want and then drop the rest.

    Let us know if you have any other problems.

    Mike
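
    What "pass to self for the protocols you want, then drop the rest" can look like for the SSL VPN portal on TCP 443, as an added example that is not the poster's configuration. The zone name out-zone, the router's outside address 192.0.2.1 and all ACL, class-map and policy-map names are placeholders.

    ```cisco
    ! Constructed IOS example; all names and addresses are placeholders.
    ! "pass" keeps no connection state, so each direction needs its own zone pair.
    ip access-list extended SSLVPN-TO-SELF
     permit tcp any host 192.0.2.1 eq 443
    ip access-list extended SSLVPN-FROM-SELF
     permit tcp host 192.0.2.1 eq 443 any
    !
    class-map type inspect match-all CM-SSLVPN-TO-SELF
     match access-group name SSLVPN-TO-SELF
    class-map type inspect match-all CM-SSLVPN-FROM-SELF
     match access-group name SSLVPN-FROM-SELF
    !
    policy-map type inspect PM-OUT-TO-SELF
     class type inspect CM-SSLVPN-TO-SELF
      pass
     class class-default
      drop log
    policy-map type inspect PM-SELF-TO-OUT
     class type inspect CM-SSLVPN-FROM-SELF
      pass
     class class-default
      drop log
    !
    zone-pair security ZP-OUT-TO-SELF source out-zone destination self
     service-policy type inspect PM-OUT-TO-SELF
    zone-pair security ZP-SELF-TO-OUT source self destination out-zone
     service-policy type inspect PM-SELF-TO-OUT
    ```

    Every other protocol the router itself terminates or originates on that interface (IKE and ESP for the IPsec clients, routing, DNS, NTP, management) needs its own class ahead of class-default in both policies, otherwise it is dropped and logged.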

  • Incorporate analysis into a web portal without display headers OBI

    Is it possible to integrate an analysis of Oracle BI 11 in an iframe to a web portal without display headers OBI?

    I tried with GO the URL.

    When I use a URL, as in OBI10 http://obiserver:9704/analytics/saw.dll?Go&path=%2Fshared%2FPruebas%20RGPrueba&NQUser=myuser&NQPassword=mypwd, it displays the header.

    If I use the URL with Action=Extract, http://ora11g.hiberus.local:9704/analytics/saw.dll?Go&path=%2Fshared%2FPruebas%20RGPrueba&NQUser=myuser&NQPassword=mypwd&Action=Extract, it does not display the headers but I can't drill down.

    Any help is very appreciated.

    To resolve this problem, add the '&hideMainBar=true' parameter in the URL.  This will remove the global header (Bug 16971577 - the HELP of THE GO URL BIEE11.1.1.7, GLOBAL header if POSTER)

  • Can I create a Web site using Muse where classmates can submit their projects photo and other students can search for these photos using keywords?

    Can I create a Web site using Muse where classmates can submit their projects photo and other students can search for these photos using keywords?

    You need a dynamic Server backend. You can't do it just with Muse. You can connect to one of the catalyst for business advanced accounts to implement these features or use widgets from third party services. Otherwise look you in systems such as Joomla, Typo3, Wordpress etc. and not even set up with muse.

    Mylenium

  • Configure VMware Horizon Page Web portal for end users

    Hello

    Is this the only way to configure / customize Web portal for end-users Page?

    Documentation centre for Horizon 6 version 6.1

    There is no other way to make it look like our company's website, or use programs Adobe to do the editing?

    Concerning

    K

    I came across this site: http://www.virtuallyghetto.com/2015/02/how-to-customize-the-new-vsphere-6-0-web-client-login-ui.html you may be able to use the same concept with the files of the web portal.

    Here are a few files that seem to be toward the top of the portal page: C:\Program VMware View\Server\broker\webapps\portal

    You could probably modify these files to suit your business needs. But of course, this would not be a change in support.

  • Assign the new manager through Web portal

    Hello experts,

    I am trying to assign a new manager through Web portal for all users (by going to the people-> assign to the new Manager-> set new manager and date in v7) and the system does not change the Manager. He's not even plan a change, at least nothing shows in respect of deferred operations. In looking at documentation it says it is STANDARD and there is no global configuration setting for this. Everyone knows about this problem before?

    Thank you

    Sergei Shvets

    The new assignment in the web portal Manager starts a request workflow.

    Please see the documentation for web portal for more information.

    https://documents.software.Dell.com/Identity-Manager/7.0.1/Web-portal-user-guide/working-with-the-Web-portal/managing-employees/assigning-a-new-Manager-to-employees

  • ASA Cisco Anyconnect Web portal Redirect

    How can I have my portal ASA Anyconnect redirect to https? The problem is that, unless the user types https:// , they cannot solve the page. I need the ability to something like vpn.domain.com redirect to https://vnp.domain.com in the users browser.

    http redirect outside 80

    Michael

    Please note all useful posts

  • SSL VPN - ASA - Active Directory LDAP

    Hello

    Scenario: ASA 8.0 (3) running SSL VPN for remote users. LDAP also authenticates access and connect to the ASA.

    For some reason any (we had a power failure, but the problem may be caused by other reasons as well), I can not connect to the ASA, as my login ID does not work, and remote users get connection error when trying to authenticate via SSL VPN web gui.

    I have rebooted the ASA and AD without any change in the situation. This service worked very well before and the problem happened suddenly. No one has all the changes for the configs. Customer do not have a backup configuration. Any suggestion on what would be the best next action to solve this problem? I'm not expert on the Microsoft LDAP configuration, and if anyone knows where I can check in Microsoft windows server 2003 for the possible LDAP problem, that would be greatly appreciated.

    Thank you

    rdianat

    The LDAP bind account is just a normal user account. It doesn't even need administrative permissions. If you want to use LDAP for password changes it needs password change permissions, but otherwise just a normal user account - make sure it cannot be locked in AD or the password never expires, none of these things. You will see the name of the LDAP account in the config of the ASA.

    ldap-login-password *

    ldap-login-dn *

  • Customization of the Portal helps ASA

    I am trying to modify the help file for the web application, but it doesn't show any changes, I went the customization assistance under the portal, imported html file and save the config. But always in the browser, is to show the old help content of the file. How to do this?

    Thank you

    Yes, this seems to be correct.

    Here are the steps documented for your reference:

    http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a008094abcb.shtml#helpapps

    Did you choose the appropriate language, as well as the correct file name (web-access-hlp.inc)?

    What version of ASA and ASDM?

  • Site2Site VPN ASA 5505 - allow established traffic

    Hello

    I have an ikev1/Ipsec tunnel between two ASA.

    Network with local 10.31.0.0/16

    The other network with local 172.21.0.0/24

    But I would like that only traffic that is launched from the 10.31.0.0/16 is allowed to 172.21.0.0/24 to 10.31.0.0/16 is it possible?

    (to answer 10.31.0.0/16 is enable between this remote network 172.21.0.0/24)

    Best regards, Steffen.

    Hello

    If I didn't understand anything wrong in the above question then I think you might be able to perform the following operations on the ASA with the local network of 10.31.0.0/16.

    The ASA has the following global configuration, which is the default if you have not changed it

    sysopt connection permit-vpn

    This show CUSTOMARY in CLI configuration given above is the default setting.

    You can check this with the command

    show run all sysopt

    This will list even the default setting

    Now what this configuration means essentially is: allow ALL traffic that comes through a VPN connection to get through the ASA interface ACL. So in your case, at the location where the ASA with the network 10.31.0.0/16 is, the ASA would allow connections coming through from the other site's network of 172.21.0.0/24 (as long as it was OK on the other site's ASA LAN interface ACL)

    What you could do is to insert the following configuration

    no sysopt connection permit-vpn

    What this would do is require you to ALLOW all traffic that is coming through the VPN connection in the 'outside' interface ACL of the ASA if you want it to pass (which I suppose is the name of your current interface that handles VPN connections). In other words, the VPN traffic would not receive a "pass" to get through the ACL of the 'outside' interface; instead you must allow it like all other traffic from the Internet.

    If you decide to do this, then you MUST CONSIDER the following thing. If you have other VPN connections such as other L2L VPN or VPN Client connections, THEN you must first allow their traffic in your 'outside' interface ACL for the ASA to the LAN. If you do this and insert the configuration above, you will notice that the traffic will start to get blocked by the 'outside' interface ACL (or if you don't have an ACL configured then the ASA's 'security level' will naturally block traffic in the same way as an ACL would)

    So if we assume that the L2L VPN is the only link you had configured on the SAA with 10.31.0.0/16 then the following changes would happen.

    • Hosts in the network 10.31.0.0/16 would be able to open connections to the remote network of 172.21.0.0/24, provided the LAN interface's ACL allows this traffic
    • Return traffic for this connection would of course be allowed by the same ASA, like all other traffic.
    • IF there are incoming connection requests to the ASA with the 10.31.0.0/16 network from the 172.21.0.0/24 network, they could fail unless you ALLOW them in the 'outside' interface ACL

    Hope this made sense and helped

    Remember to mark the reply as the answer if it answered your question.

    Naturally ask more if necessary

    -Jouni
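
    The order of operations described in the reply above, as an added example that is not part of the original post. The ACL name OUTSIDE_IN and the 10.99.0.0/24 remote-access client pool are placeholders; the two site networks are the ones from the question.

    ```cisco
    ! Constructed example for the ASA at the 10.31.0.0/16 site; names are placeholders.
    ! 1. Check the current state (the default only shows up with "all").
    show run all sysopt
    !
    ! 2. Before removing the bypass, permit any OTHER VPN traffic that must still be
    !    able to open connections inbound (here: a remote-access client pool).
    access-list OUTSIDE_IN extended permit ip 10.99.0.0 255.255.255.0 10.31.0.0 255.255.0.0
    !
    ! 3. Nothing is permitted from 172.21.0.0/24. The implicit deny would already
    !    block it; an explicit deny with "log" makes the drops visible in syslog.
    access-list OUTSIDE_IN extended deny ip 172.21.0.0 255.255.255.0 10.31.0.0 255.255.0.0 log
    access-group OUTSIDE_IN in interface outside
    !
    ! 4. Make decrypted VPN traffic subject to the 'outside' interface ACL.
    no sysopt connection permit-vpn
    ```

    Connections opened from 10.31.0.0/16 towards 172.21.0.0/24 still get their replies back because the ASA tracks them statefully; only connections initiated from the remote side are checked against OUTSIDE_IN.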

  • Site to site VPN (ASA -> IOS router, with two interfaces) help

    Dear,

    I need help to configure VPN from Site to Site of cisco ASA to the IOS router, the router has 2 WAN links, a primary and secondary backup.

    There was only a single week of link there is, now we have installed the second link as a backup, we use OSPF as the routing protocol.

    VPN with simple link worked fine, now, when the main link fails the network is down.

    Waiting for response.

    There is an easy solution.  On the router, you must terminate the VPN on the loopback interface.

    something like this:

    interface lo0

    ip address x.x.x.x x.x.x.x

    crypto map vpn local-address lo0

    interface wan_1

    crypto map vpn

    interface wan_2

    crypto map vpn

    One condition is that the loopback interface has to be reachable by the ASA device.
