which product is right for the ssl vpn: asa 5505 cisco 1841 or
Hello
I want to install an outside management link so that we can SSH to our Cisco devices and Microsoft RDP to our servers. This is my configuration (based on what I know):
Internet > DSL modem > ASA 5505 > management CONSOLES SWITCH > SWITCH CISCO or Windows Server
or
Internet > 1841 with DSL HWIC > management CONSOLES SWITCH > SWITCH CISCO or Windows Server
My questions are:
Should I go for ASA or 1841 router?
Which option is better? And will the ASA do the job?
Is there any technical support prior to purchase of products in Australia? I need technical advice on the choice of the right products, not just selling me products.
Hello
It's strongly suggested to go with the ASA 5505 in the first place; it is supposed to feature for the main functionality of ssl vpn server from 1841 which has this feature to be a vpn server.
ASDM also gives you the freedom to configure the box on your own based on your condition.
Regards
Similar Questions
-
Control the access of the user for the SSL VPN profile.
I have two SSL VPN profiles. Can I restrict the user to access only one SSL VPN profile when they get to the page of the SSL VPN service? Each profile creates a different type of access, and they will have different client IP addresses.
Hello
Yes, in different ways; one of them is using group-lock, which is a simple check to validate whether the tunnel group (or the connection profile, as you called it) that the user signs in with corresponds to what you have defined under the group policy. If it matches the value of Tunnel-Group-Lock (condition true), the remote access VPN session is allowed to establish; otherwise the session is not allowed to be established.
The tunnel-group-lock feature can be defined as follows:
- via the group-policy setting locally on ASA
- via the LDAP attribute
- via the Radius attribute
http://www.Cisco.com/en/us/partner/docs/security/ASA/asa82/configuration/guide/vpngrp.html#wp1134870
Step 4
Kind regards
-
Client VPN Cisco ASA 5505 Cisco 1841 router
Hello. I'm setting up a connection between a Cisco VPN client and a VPN server on an ASA 5505 behind an 1841 router (internet ADSL2+ and NAT router).
My topology is almost as follows
client - tunnel - 1841 - ASA - PC
The ASA is the VPN endpoint device (outside interface). I forward UDP ports 500 and 4500 on my router to the ASA and the tunnel comes up. I exempt NAT on the ASA and the router for the IPs in the DHCP VPN pool. I can connect to my tunnel but I can't "see" anything in the internal network. I allowed all traffic from the outside inwards buy from the ip vpn pool and I still send packets through the tunnel and I get nothing. I take a look at the statistics on the VPN client and I see 2597 bytes (ping traffic) and there are no bytes. Any idea?
Were you logged in when you took the "show crypto ipsec sa"? If this isn't the case then try again. Also, this option allows IPsec over UDP 4500 and it is disabled; enable it:
crypto isakmp nat-traversal
Just enter the command as it is, then try to connect again after activation of this option and get the same result to see the.
-
prevent the SSL VPN user to access ASA cli
Hello
I set up multiple users on my ASA in its local database.
These users are used for the ssl vpn connection, but the problem I have is that users
also have SSH access. Is it possible to avoid this?
Thank you
Hello Raf,
If you do something like this:
username xxx attributes
 service-type remote-access
the user should not get CLI access any more.
Kind regards
Bastien
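An added example, not part of the original posts: a small audit over a saved running-config that lists local users whose attributes lack the `service-type remote-access` line from the answer above, and users with no `group-lock` in their own attributes or in their assigned group policy (the control described in the earlier answer). The user names, policy names and sample config are constructed for illustration.

```python
import re

# Constructed sample in ASA running-config style (not taken from the page).
SAMPLE_CONFIG = """\
username alice password XXXX encrypted privilege 0
username alice attributes
 vpn-group-policy SalesPolicy
 service-type remote-access
username bob password XXXX encrypted privilege 0
username bob attributes
 vpn-group-policy EngPolicy
username carol password XXXX encrypted privilege 15
group-policy SalesPolicy internal
group-policy SalesPolicy attributes
 group-lock value SalesProfile
group-policy EngPolicy internal
group-policy EngPolicy attributes
 vpn-tunnel-protocol ssl-client
"""

def parse_blocks(config, keyword):
    """Map NAME -> sub-commands indented under '<keyword> NAME attributes'."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(rf"{re.escape(keyword)} (\S+) attributes\s*$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return (user, finding) pairs for local users missing either control."""
    users = sorted(set(re.findall(r"^username (\S+) ", config, re.M)))
    user_attrs = parse_blocks(config, "username")
    policy_attrs = parse_blocks(config, "group-policy")
    findings = []
    for user in users:
        attrs = user_attrs.get(user, [])
        if "service-type remote-access" not in attrs:
            findings.append((user, "no-remote-access-service-type"))
        policy = next((a.split()[1] for a in attrs
                       if a.startswith("vpn-group-policy ")), None)
        inherited = policy_attrs.get(policy, [])
        if not any(a.startswith("group-lock value ") for a in attrs + inherited):
            findings.append((user, "no-group-lock"))
    return findings
```

Accounts that are meant to administer the device (such as the constructed `carol`) will appear in the output and should be reviewed rather than changed automatically.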
-
THE SSL VPN CLIENT ERROR!
VPN concentrator running 4.7. I have to connect to the web VPN session. The SSL VPN Client installs. A message appears that says: "so that the SSL VPN connection is pending" and later another message appears that says "HTTP RESPONSE received from gateway SSL VPN is not valid".
What is strange is that the VPN concentrator lists me as it is connected with an IP address assigned to the ACS, but I can't access anything whatsoever. BTW, no ACLs WEB or IP filters are configured for this group that would not allow me access to the network. In addition, with the same information identification and the same group, I have no problem to access the network when the client SSL VPN is not configured to be used. IE web vpn before 4.7.
Any ideas?
The "VPN SSL HTTP RESPONSE received from gateway is incorrect" message may appear if the client configuration on the concentrator contains over 26 split tunneling entries.
-
Is the KC991AA '/ tx1000 tx2000 laptop battery 8-cell' right for the TX2?
Is the KC991AA '/ tx1000 tx2000 laptop battery 8-cell' right for the TX2? The descriptions on the website do not mention the TX2 at all even if accessories TX2 page is linked to the page for this battery.
HP: can you update the web site?
RQ204AA (6 cells) and KC991AA (8 cells) are compatible with the tx series... Yes, that's correct.
-
Hello
How to give administrative rights for the domain users (user is outside organization).
If the employee works in the company of xxxx but it supports the client project and is located on the place of the customer, but it does not use the client computer and not on the client domain as well, but the employee is in the company of xxxx must be given administrative rights to the computer. can someone help me on this ASAP.
Thank you
MURUGESAN Rudy,
This issue is beyond the scope of this site and to make sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers) -
Hello
Which is more effective for the bridge or photoshop contact sheets?
Thank you.
Duplicate thread: which is more effective for the bridge or photoshop contact sheets?
-
install cs6, have the cs5 serial number, he said no product calling not for the upgrade
Hello
Please see -https://helpx.adobe.com/creative-suite/kb/error-serial-number-qualifying-product.html
I hope this helps.
Kind regards
Vivet
-
Hello, I am designing a folio in 2 languages: English and Arabic. I intend to have my cover in the middle and start planning readability from left to right for the English version and right to left in Arabic. How do I do that in InDesign? How can I configure my cover like the one in the middle and start dragging in both sides according to the language?
"Right edge binding" can be applied to the level of Folio (properties panel Folio Builder Folio) so you would need to have two different folios for what you want to achieve, I think.
-
Hello
I want to configure SSL VPN for mobile users on ASA 5510 I have following requirements
> What are the licence conditions on ASA 5510 for VPN with AnyConnect SSL?
> VPN users have full access to the local network via ASA
> Authentication method preferred, Local or AD (LDAP)
> Users not using laptops should be limited to the Clientless SSL VPN
> How to add a URL that is visible to users on the Web page
> Can someone show an example configuration for the above requirements
TIA
Hitesh Vinzoda
> If you need both AnyConnect and WebVPN (Clientless SSL VPN), you can buy the AnyConnect Premium license (and this is a base user license). The ASA would come with default 2 SSL VPN license.
> To have full access to the local network, you must use AnyConnect SSL VPN. Here is an example of configuration:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808efbd2.shtml
> You can authenticate to AD or Local or RADIUS, etc. By default, this would be local authentication.
> Here's some example configuration for clientless SSL VPN:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008072462a.shtml
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00806ea271.shtml
Hope that helps.
-
Which license do I need for 25 SSL VPN peers
Hi all
I want to implement an active/standby cluster with a pair of ASA 5550s and I have a licensing question. Here's the "sh activation-key detail" output of the two devices...
ASA1:
sh activation-key detail:
Serial number: XXXXX
No temporary key assets.
Activation key running: XXXXX XXXXX XXXXX XXXXX XXXXX
The devices allowed for this platform:
The maximum physical Interfaces: unlimited
VLAN maximum: 250
Internal hosts: unlimited
Failover: Active/active
VPN - A: enabled
VPN-3DES-AES: enabled
Security contexts: 2
GTP/GPRS: disabled
SSL VPN peers: 2
Total of the VPN peers: 5000
Sharing license: disabled
AnyConnect for Mobile: disabled
AnyConnect Cisco VPN phone: disabled
AnyConnect Essentials: disabled
Assessment of Advanced endpoint: disabled
Proxy sessions for the UC phone: 2
Total number of Sessions of Proxy UC: 2
Botnet traffic filter: disabled
This platform includes an ASA 5550 VPN Premium license.
Flash activation key is the SAME as the key running.
ASA2:
sh activation-key detail:
Serial number: XXXXX
No temporary key assets.
Activation key running: XXXXX XXXXX XXXXX XXXXX XXXXX
The devices allowed for this platform:
The maximum physical Interfaces: unlimited
VLAN maximum: 250
Internal hosts: unlimited
Failover: Active/active
VPN - A: enabled
VPN-3DES-AES: enabled
Security contexts: 2
GTP/GPRS: disabled
VPN SSL counterparts: 25
Total of the VPN peers: 5000
Sharing license: disabled
AnyConnect for Mobile: disabled
AnyConnect Cisco VPN phone: disabled
AnyConnect Essentials: disabled
Assessment of Advanced endpoint: disabled
Proxy sessions for the UC phone: 2
Total number of Sessions of Proxy UC: 2
Botnet traffic filter: disabled
This platform includes an ASA 5550 VPN Premium license.
Flash activation key is the SAME as the key running.
--------------------------------------------------------------
It seems so obvious that I have to upgrade the first ASA to support 25 SSL VPN peers in order to create the cluster HA, right?
Now, I want to know do I need the license "ASA5505-SSL25-K9" or something else.
Thank you very much in advance for any help!
Ah OK I see - right then: upgrading pole will allow the license to share.
Re the target version, I would recommend going directly to 8.4(4.1). I have it deployed on several sites without problem.
-
New for mapping SSL VPN ACS ASA - ASA groups
Greetings,
I am new to ASA, so any help is greatly appreciated.
I just installed and installed an ASA 5520. I installed an SSL VPN. What I'm trying to achieve is to configure profiles of different groups and different users can access various resources when they access the VPN.
Current config-
ASA 5520 v8.3
ACS 4.0
Windows 2003 domain
I have different installation profiles in the ASA. (i.e. business Dept.) When I choose in the drop down menu, it allows me to open a session and displays the options I've chosen for this group. The problem is that I can connect in this group with any account. GBA, all windows domain users are in the default group. I guess the default group is being processed and which has hosted and user logon.
Can anyone provide a good article or tips on how to configure the ASA and the ACS for several groups of users. We have several departments that will have to get the parameters when they connect. The ACS groups are mapped to the Windows groups that correspond to each Department
Any help is greatly appreciated.
Thank you
Tim
Hello
I think that you need to activate group locking.
In order to configure group locking, send the group policy name in the class attribute 25 on the Remote Authentication Dial-In User Service (RADIUS) server and choose the group to lock the user into within the policy. For example, to lock the Cisco 123 user into the RemoteGroup group, define the Internet Engineering Task Force (IETF) attribute 25 class OU=RemotePolicy; for this user on the RADIUS server.
-
Cannot change the SSL VPN customization
Hello
I have ASA 5520 and activate SSL VPN
I want to optimize my portal page, removing the "Cisco SSL VPN" and put my company name and logo.
I created a new customization, but when I click on Edit to change it, a web page appears but the load.
Can someone help me?
Regards
If you want to change the Cisco logo for your company logo, please follow this example configuration for personalization of Portal:
Change the logo:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808bd92b.shtml
Change the title:
http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808bd861.shtml
Hope that helps.
-
For the SSL certificate expiration date
Hello
We use Adobe LiveCycle Installation of JBoss, and the SSL certificate that we use to enable rights management has expired.
We have created a new which now works fine, but we would like to know if there is a way to control or extend the expiration date of the certificate, such as 3 months is a very short time.
Kind regards
Marwa
The server SSL certificate is used between Acrobat and LiveCycle Rights Management Server to encrypt HTTP traffic. It does NOT do rights management in itself. In other words, even at the end of the SSL certificate's validity, Adobe LiveCycle Rights Management will continue to work.
You do not control the expiration date of the certificate. The -validity argument allows you to control, in terms of days. 3650 will set the expiry of 10 years from the date of creation.
More details here:
http://blogs.Adobe.com/LiveCycle/2007/10/configuring_jboss_403_sp1_for_1.html