扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
Choose the interface to terminate WebVPN users > Enable > Apply.
2 Choose Servers and URLs > Add
Enter a name for the list of servers accessible by WebVPN. Click the Add button. The Add Server or URL dialogue box displays. Enter the name of each server. This is the name that the client sees. Choose the URL drop-down menu for each server and choose the appropriate protocol. Add servers to your list from the Add Server or URL dialogue box and click OK.
Click Apply > Save.
3 Expand General in the left menu of ASDM. Choose Group Policy > Add.
Choose Add Internal Group Policy. Uncheck the Tunneling Protocols: Inherit check box. Check the WebVPN check box.
Choose the WebVPN tab. Uncheck the Inherit check box. Choose from the list of features. Click OK > Apply.
4 Choose the Tunnel Group in the left column. Click the Edit button.
Click the Group Policy drop-down menu. Choose the policy that was created in Step 3.
It is important to note that if new Group Policies and Tunnel Groups are not created, the defaults are GroupPolicy 1 and DefaultWEBVPNGroup. Click the WebVPN tab.
Choose NetBIOS Servers. Click the Add button. Fill in the IP address of the WINS/NBNS server. Click OK > OK. Follow the prompts Apply > Save > Yes to write the configuration.
命令行配置
ciscoasa#show running-config
Building configuration...
ASA Version 7.2(1)
hostname ciscoasa
domain-name cisco.com
enable password 9jNfZuG3TC5tCVH0 encrypted
names
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address 172.22.1.160 255.255.255.0
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.2.2.1 255.255.255.0
interface Ethernet0/2
nameif DMZ1
security-level 50
no ip address
interface Management0/0
description For Mgt only
shutdown
nameif Mgt
security-level 0
ip address 10.10.10.1 255.255.255.0
management-only
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.com
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ1 1500
mtu Mgt 1500
icmp permit any outside
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 10.2.2.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 172.22.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
!
!--- group policy configurations
!
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
webvpn
functions url-entry file-access file-entry file-browsing mapi port-forward filter
http-proxy auto-download citrix
username cisco password 53QNetqK.Kqqfshe encrypted
!
!--- asdm configurations
!
http server enable
http 10.2.2.0 255.255.255.0 inside
!
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
!
!--- tunnel group configurations
!
tunnel-group DefaultWEBVPNGroup general-attributes
default-group-policy GroupPolicy1
tunnel-group DefaultWEBVPNGroup webvpn-attributes
nbns-server 10.2.2.2 master timeout 2 retry 2
!
telnet timeout 5
ssh 172.22.1.0 255.255.255.0 outside
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
!
!--- webvpn configurations
!
webvpn
enable outside
url-list ServerList "WSHAWLAP" cifs://10.2.2.2 1
t "FOCUS_SRV_1" https://10.2.2.3 2
url-list ServerList "FOCUS_SRV_2" http://10.2.2.4 3
!
prompt hostname context
!
end
验证
Establish a connection to your ASA device from an outside client to test this:
https://ASA_outside_IP_Address
The client receives a Cisco WebVPN page that allows access to the corporate LAN in a secure fashion. The client is allowed only the access that is listed in the newly created group policy.
Authentication:A simple login and password was created on the ASA for this lab proof of concept.
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
现场直击|2021世界人工智能大会
直击5G创新地带,就在2021MWC上海
5G已至 转型当时——服务提供商如何把握转型的绝佳时机
寻找自己的Flag
华为开发者大会2020(Cloud)- 科技行者