CLIENTLESS SSL VPN ON CISCO ASAA

Size: px

Start display at page:

Download "CLIENTLESS SSL VPN ON CISCO ASAA"

Linette Conley
5 years ago
Views:

1 CLIENTLESS SSL VPN ON CISCO ASAA CERTVIDEOS-ASA CONFIGURATION CERTVIDEOS-ASA# show run : Saved : ASA Version 8.4(2) hostname CERTVIDEOS-ASA enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names interface GigabitEthernet0 nameif outside security-level 0 ip address interface GigabitEthernet1 nameif inside

2 security-level 100 ip address interface GigabitEthernet2 interface GigabitEthernet3 interface GigabitEthernet4 interface GigabitEthernet5 ftp mode passive dns domain-lookup outside dns domain-lookup inside access-list inside-in extended permit ip any any access-list outside-in extended permit tcp any host eq www access-list outside-in extended deny ip any any access-list Tunnel-192 standard permit access-list internal-acl webtype permit url ftp:// log default access-list internal-acl webtype permit url log default access-list internal-acl webtype permit url rdp:// log default access-list internal-acl webtype deny url any log default pager lines 24 logging enable logging timestamp logging host outside logging permit-hostdown mtu outside 1500 mtu inside 1500 no failover icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-647.bin

3 no asdm history enable arp timeout access-group outside-in in interface outside access-group inside-in in interface inside route inside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy user-identity default-domain LOCAL http server enable 8443 http outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart crypto ca trustpoint CA enrollment url keypair CERT-KEYS crl configure crypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=CERTVIDEOS-ASA keypair SSL-KEYS crl configure crypto ca certificate chain CA certificate ca b a d0609 2a f70d e f732e63 6f6d301e 170d a17 0d a e f 732e636f 6d30819f 300d0609 2a f70d d b48 bb2c7c1a e114450b 189a6192 aab0ee69 95e99bbf f63b39e4 5edd5be2 47ad534a c a47778de 09573b2f 1fd18433 bac9c ea5 e82ac2e6 79e1f370 2a6551a3 63aba5ca e510f660 3fa ca90049 c0c78dad 82d6a9d5 3ee91a99 df819d44 1aa127b4 3e7c8354 ccb60d65 412b7eb1 e94b f4602 5b4d a f d ff ff 300e d0f01 01ff f d e37574 aa0195e4 2f060e97 3c956ec3 5ab7091f 01301d d0e e37574aa 0195e42f 060e973c 956ec35a b7091f01 300d0609 2a f70d d470b 958dc1fc 53d24b9b 2d2cf9ed f34e9bda c4f2195a bf c18772fa ff 508ea06d 100ba11e 1fcc4291 ee8a08bc 29fa31e6 d557768f ede08a54 4e667ed3 948bb b4c c d51cf517 b2b9e143 a6c6f a4e7a c7 8a74b06b 0f393e27 6ec0df81 36e6f172 be7677f3 de66335d 61701c quit

4 crypto ca certificate chain ASDM_TrustPoint0 certificate 5bc96d e a b c96d5330 0d06092a f7 0d e f 532d d30 1b06092a f7 0d e f53 2d e170d a170d a e f532d d301b06 092a f70d e f532d f300d06 092a f70d d c d7 e303141a adb8daa0 523f7bba ac a3dfb9d5 7b157e3d d604e4d1 e320bd74 c3c3dbd b c673e356 b55be32f d787c8d3 38ac43bc e612fc9e 0b4a3d64 e1709a7f 113c2a7c 8ac4dfcb e1b72e71 e9b1602a ab21fb1c fc4dbccb 243e7136 1cad1cb6 9db162a7 4fe cf61877 e bcbaa8 df d0609 2a f70d aefe6da5 5acf7be7 079e6cf8 7b1e427f 6ce2cc a9c f7 8ccf1e9d 3e3579cc a32c748b daa28c fe4dfefc 276a f6137f ec35945c 9b866a25 41b23c93 6ba883ba fcf09b51 72cc0bc4 cbe7f63f 65c7a8af 5b b7554f a9b309ba 546fb b c5fb3 fda799ea cc98949f 562c4a quit crypto ikev2 remote-access trustpoint CA telnet timeout 5 ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept ssl trust-point CA outside webvpn enable outside csd image disk0:/csd_ k9.pkg port-forward telnet-port-forward telnet Telnet port-forward rdp rdp tunnel-group-list enable cache cache-static-content enable group-policy Certvideos-policy internal group-policy Certvideos-policy attributes banner value This is the certvideos group policy vpn-tunnel-protocol ssl-clientless webvpn url-list value Certvideos-Bookmarks filter value internal-acl username certvideos-user password xj9yifab0tsoovpg encrypted username certvideos-user attributes service-type remote-access username vpn-user password 8NHmONCo.zug0eVf encrypted username vpn-user attributes service-type remote-access

5 username shyam password KqFsdwZ5V/MffXFG encrypted privilege 15 tunnel-group Certvideos type remote-access tunnel-group Certvideos general-attributes default-group-policy Certvideos-policy tunnel-group Certvideos webvpn-attributes group-alias Certvideos-alias enable group-url enable prompt hostname context no call-home reporting anonymous call-home profile CiscoTAC-1 no active destination address http destination address destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily crashinfo save disable Cryptochecksum:01e302b0336eea852328af672c823ca1 : end CERTVIDEOS-ASA# CERTVIDEOS-ASA CONFIGURATION CERTVIDEOS-CA#show run Building configuration... Current configuration : 2357 bytes No configuration change since last restart version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption hostname CERTVIDEOS-CA

6 boot-start-marker boot-end-marker no aaa new-model memory-size iomem 5 ip cef no ip domain lookup multilink bundle-name authenticated crypto pki server CA database level complete issuer-name CN=certvideos.com grant auto hash sha1 lifetime ca-certificate 365 crypto pki trustpoint CA revocation-check crl rsakeypair CERT-KEYS crypto pki certificate chain CA certificate ca B A D0609 2A F70D E F732E63 6F6D301E 170D A17 0D A E F 732E636F 6D30819F 300D0609 2A F70D D E4FD 83600EB1 8CF57F54 2F6084A1 B25C2C08 669ED4CA DD 6DEB816B 121D056E D6AE0EC8 3F0C23AB AA21D7D9 823B3050 FACE1D08 DD5B477E 32D065EA 26F9C73E B11D26E2 B6A6622D CF21E54E CD025DD1 92A C1BE75 694CE343 5AACC9CF B B C5F36C 2C15E556 84A3AE35 739CAA0B EE5B A F D FF FF 300E D0F01 01FF F D F867A 918C8D31 F2D9D580 DE85E197 0F49B5A1 E6301D D0E F867A91 8C8D31F2 D9D580DE 85E1970F 49B5A1E6 300D0609 2A F70D F 54527BA2 7543A54C D70BE64A FA5B54F6 9E F05A1630 B68BF FAD6F 898E94F4 0FE980EE 01AA1891 3BB1DD86 5FAD28E CB9BCAF CC AC07E B84D7C33 B3D4D0FA 62DF0B2D 1F826DB5 3D5E BEA E5A73BBB CB62F08A 6D92C9E2 8AC8F D2C0 C90EFD03 F4A1E3 quit

7 archive log config hidekeys interface FastEthernet0/0 ip address duplex auto speed auto interface FastEthernet0/1 ip address duplex auto speed auto ip forward-protocol nd ip route ip http server no ip http secure-server control-plane line con 0 exec-timeout 0 0 logging synchronous line aux 0 line vty 0 4 login end CERTVIDEOS-CA#

Orbit Corporation CISCO ASA LAN Based Active / Standby Failover. Waqas

Orbit Corporation CISCO ASA LAN Based Active / Standby Failover. Waqas Orbit Corporation CISCO ASA - 5520 LAN Based Active / Standby Failover Waqas 13 Cisco ASA LAN Based Active / Standby Failover Configuration Primary ASA Cli Configuration Changes Highlighted in Yellow for