Clientless SSL VPN Remote Users

Similar documents
Clientless SSL VPN End User Set-up

Clientless SSL VPN Users

Cisco Secure Desktop (CSD) on IOS Configuration Example using SDM

Clientless SSL VPN Troubleshooting

Clientless SSL VPN Troubleshooting

VII. Corente Services SSL Client

Cisco Unified Serviceability

UNIVERSITY INFORMATION TECHNOLOGY TRAINING & DOCUMENTATION DEPARTMENT GETTING STARTED WITH TUFTS VIRTUAL PRIVATE NETWORK VIA THE WORLD WIDE WEB

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN

ASA Clientless SSL VPN (WebVPN) Troubleshooting Tech Note

The Cisco HCM-F Administrative Interface

Client 2. Authentication 5

SSL VPN User Guide. Access Manager Appliance 3.2 SP2. June 2013

How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

Novell Access Manager

Browser Settings. Updated 4/30/ SSF

CFS Browser Compatibility

SSL VPN Web Portal User Guide

Remote Access VPN. Remote Access VPN Overview. Licensing Requirements for Remote Access VPN

Clientless SSL VPN Overview

VDI Users Guide. Mac OS X

The Rockefeller University I NFORMATION T ECHNOLOGY E DUCATION & T RAINING. VPN Web Portal Usage Guide

Aventail WorkPlace. User s Guide Version 8.7.0

IT Access Portal User Guide (Employees)

Novell Access Manager

Hosted Microsoft Exchange Client Setup & Guide Book

APSCN VPN Settings for Windows 7 2. APSCN VPN Settings for Windows XP 8. APSCN VPN Settings for MAC OS 15

Troubleshooting Web Inbox

Clientless SSL VPN Users

Novell Access Manager

Realms and Identity Policies

This guide provides all of the information necessary to connect to MoFo resources from outside of the office.

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Remote VPN Remote access for personal devices

How to connect to the University of Exeter VPN service

Access Gateway 9.3, Enterprise Edition

3.1 Getting Software and Certificates

Procedure for Connecting to OIL VPN

Cisco Craft Works Interface Quick Start Guide Cisco IOS XR Software Release 3.2 1

BIG-IP Access Policy Manager : Portal Access. Version 12.1

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Cisco Passguide Exam Questions & Answers

Clear Cache Guide Click here for Windows guide Click here for Mac OS guide

NetExtender for SSL-VPN

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

Installing and Configuring vcloud Connector

Secure Access Troubleshooting Rewrite related issues (Core/Web Based Access)

Logging into the Firepower System

Cisco CTL Client setup

Instructions for Configuring Your Browser Settings and Online Security FAQ s

Managing GSS Devices from the GUI

Hypertext Transfer Protocol Over Secure Sockets Layer (HTTPS)

Chapter 10 Configure Clientless Remote Access SSL VPNs Using ASDM

Instructions For Configuring Your Browser Settings and Online Banking FAQ's

Configuring the CSS for Device Management

Practice Labs User Guide

TIBCO LiveView Web Getting Started Guide

Using Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

System 44 Installation Guide

School Installation Guide ELLIS Academic 5.2.6

Set Up with Microsoft Outlook 2013 using POP3

The Reading Inventory Installation Guide

PSEG SSL VPN USER GUIDE

FASTT Math Installation Guide

Accessing Carolinas Healthcare System Resources Remotely

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

SSL VPN Web Portal User Guide

ASA 8.0: How to Change the WebVPN Logo

QuestionPoint chat The Guide to IE browser setup Last updated: 2009 June 23

Portal User Guide. Best practice tips and shortcuts Icon Legend Informational notes about functions. Important warnings about a function

Aventail Connect Client with Smart Tunneling

CyberTools for Libraries Catalog Functions ,

Remote Access via Cisco VPN Client

SETUP FOR OUTLOOK (Updated October, 2018)

Cisco s AnyConnect VPN Client (version 2.4)

Cisco CTL Client Setup

Troubleshooting Cisco DCNM

CLI users are not listed on the Cisco Prime Collaboration User Management page.

REMOTE ACCESS TO HUSKY S COMPUTER NETWORKS TWO WAYS TO CONNECT IN EUROPE

SSL VPN Service. Once you have installed the AnyConnect Secure Mobility Client, this document is available by clicking on the Help icon on the client.

SASSL v1.0 Managing Advanced Cisco SSL VPN. 3 days lecture course and hands-on lab $2,495 USD 25 Digital Version

WebConnect Through the Internet

MyFloridaNet-2 (MFN-2) Remote Access VPN Reference Guide

CyberTools for Libraries Catalog Functions , ,

SonicOS Enhanced Release Notes

User Identity Sources

New Features for ASA Version 9.0(2)

Troubleshooting. Cisco WebEx Meetings Server User Guide Release 3.0 1

Release Notes. Dell SonicWALL SRA Release Notes

Administration of Cisco WLC

How to Configure Authentication and Access Control (AAA)

CommandCenter Secure Gateway User Guide Release 5.2

System 44 Installation Guide

Republicbank.com Supported Browsers and Settings (Updated 03/12/13)

Administration of Cisco WLC

PS Suite EMR ASP Remote Access Setup Guide for Macintosh computers

Troubleshooting. Participants List Displays Multiple Entries for the Same User

DB Secure-Access-Portal User Guide for RAS VPN

Support User Manual. For Enterprise Clients and their Readers. Vitrium Systems [October 18 th, 2010]

Transcription:

This chapter summarizes configuration requirements and tasks for the user remote system. It also helps users get started with Clientless SSL VPN. It includes the following sections: Make sure that the ASA has been configured for Clientless SSL VPN., page 1 This chapter summarizes configuration requirements and tasks for the user remote system. It also helps users get started with Clientless SSL VPN. It includes the following sections: Make sure that the ASA has been configured for Clientless SSL VPN. Usernames and Passwords Depending on your network, during a remote session users may have to log on to any or all of the following: the computer itself, an Internet service provider, Clientless SSL VPN, mail or file servers, or corporate applications. Users may have to authenticate in many different contexts, requiring different information, such as a unique username, password, or PIN. Ensure users have the required access. The following table lists the type of usernames and passwords that Clientless SSL VPN users may need to know. Table 1: Usernames and Passwords to Give to Clientless SSL VPN Users Entered When Login Username/ Password Type Computer Access the computer Starting the computer 1

Communicate Security Tips Login Username/ Password Type Internet Service Provider Clientless SSL VPN File Server Corporate Application Login Mail Server Access the Internet Access remote network Access remote file server Access firewall-protected internal server Access remote mail server via Clientless SSL VPN Entered When Connecting to an Internet service provider Starting a Clientless SSL VPN session Using the Clientless SSL VPN file browsing feature to access a remote file server Using the Clientless SSL VPN Web browsing feature to access an internal protected website Sending or receiving email messages Communicate Security Tips Communicate the following security tips: Always log out from a Clientless SSL VPN session, click the logout icon on the Clientless SSL VPN toolbar or close the browser. Using Clientless SSL VPN does not ensure that communication with every site is secure. Clientless SSL VPN ensures the security of data transmission between the remote computer or workstation and the ASA on the corporate network. If a user then accesses a non-https Web resource (located on the Internet or on the internal network), the communication from the corporate ASA to the destination Web server is not secure. Configure Remote Systems to Use Clientless SSL VPN Features The following table includes the tasks involved in setting up remote systems to use Clientless SSL VPN, requirements/prerequisites for the task and recommended usage: You may have configured user accounts differently, and different features maybe available to each Clientless SSL VPN user. This table also organizes information by user activity. 2

Configure Remote Systems to Use Clientless SSL VPN Features Table 2: Clientless SSL VPN Remote System Configuration and End User Requirements Task Starting Clientless SSL VPN Remote System or End User Requirements Connection to the Internet Specifications or Use Suggestions Any Internet connection is supported, including: Home DSL, cable, or dial-up Public kiosks Hotel hook-ups Airport wireless nodes Internet cafes Clientless SSL VPN-supported browser We recommend the following browsers for Clientless SSL VPN. Other browsers may not fully support Clientless SSL VPN features. On Microsoft Windows: Internet Explorer 8 Firefox 8 On Linux: Firefox 8 On Mac OS X: Safari 5 Firefox 8 Cookies enabled on browser URL for Clientless SSL VPN Clientless SSL VPN username and password [Optional] Local printer Cookies must be enabled on the browser in order to access applications via port forwarding. An HTTPS address in the following form: https://address where address is the IP address or DNS hostname of an interface of the ASA (or load balancing cluster) on which Clientless SSL VPN is enabled. For example: https://10.89.192.163 or https://cisco.example.com. Clientless SSL VPN does not support printing from a Web browser to a network printer. Printing to a local printer is supported. 3

Configure Remote Systems to Use Clientless SSL VPN Features Task Using the Floating Toolbar in a Clientless SSL VPN Connection Web Browsing Remote System or End User Requirements Usernames and passwords for protected websites Specifications or Use Suggestions A floating toolbar is available to simplify the use of Clientless SSL VPN. The toolbar lets you enter URLs, browse file locations, and choose preconfigured Web connections without interfering with the main browser window. If you configure your browser to block popups, the floating toolbar cannot display. The floating toolbar represents the current Clientless SSL VPN session. If you click the Close button, the ASA prompts you to close the Clientless SSL VPN session. Tip To paste text into a text field, use Ctrl-V. (Right-clicking is not enabled on the Clientless SSL VPN toolbar.) Using Clientless SSL VPN does not ensure that communication with every site is secure. See Communicate Security Tips, on page 2. The look and feel of Web browsing with Clientless SSL VPN may be different from what users are accustomed to. For example: The Clientless SSL VPN title bar appears above each Web page. You access websites by: Entering the URL in the Enter Web Address field on the Clientless SSL VPN Home page. Clicking on a preconfigured website link on the Clientless SSL VPN Home page. Clicking a link on a webpage accessed via one of the previous two methods. Also, depending on how you configured a particular account, it may be that: Some websites are blocked. Only the websites that appear as links on the Clientless SSL VPN Home page are available. 4

Configure Remote Systems to Use Clientless SSL VPN Features Task Network Browsing and File Management Remote System or End User Requirements File permissions configured for shared remote access Server name and passwords for protected file servers Domain, workgroup, and server names where folders and files reside Specifications or Use Suggestions Only shared folders and files are accessible via Clientless SSL VPN. Users may not be familiar with how to locate their files through your organization network. Do not interrupt the Copy File to Server command or navigate to a different screen while the copying is in progress. Interrupting the operation can cause an incomplete file to be saved on the server. 5

Configure Remote Systems to Use Clientless SSL VPN Features Task Using Applications (called Port Forwarding or Application Access) Remote System or End User Requirements On Mac OS X, only the Safari browser supports this feature. Specifications or Use Suggestions Because this feature requires installing Oracle Java Runtime Environment (JRE) and configuring the local clients, and because doing so requires administrator permissions on the local system, it is unlikely that users will be able to use applications when they connect from public remote systems. Users should always close the Application Access window when they finish using applications by clicking the Close icon. Failure to close the window properly can cause Application Access or the applications themselves to be inaccessible. Client applications installed Cookies enabled on browser Administrator privileges Oracle Java Runtime Environment (JRE) installed. JavaScript must be enabled on the browser. By default, it is enabled. User must have administrator access on the computer if you use DNS names to specify servers because modifying the hosts file requires it. If JRE is not installed, a pop-up window displays, directing users to a site where it is available. On rare occasions, the port forwarding applet fails with Java exception errors. If this happens, do the following: 1 Clear the browser cache and close the browser. 2 Verify that no Java icons are in the computer task bar. Close all instances of Java. 3 Establish a Clientless SSL VPN session and launch the port forwarding Java applet. Client applications configured, if necessary. The Microsoft Outlook client does not require this configuration step. All non-windows client applications require configuration. To see if configuration is necessary for a Windows application, check the value of the Remote Server. If the Remote Server contains the server hostname, you do not need to configure the client application. If the Remote Server field contains an IP address, you must configure the client application. To configure the client application, use the server s locally mapped IP address and port number. To find this information: 1 Start Clientless SSL VPN on the remote system and click the Application Access link on the Clientless SSL VPN Home page. The Application Access window appears. 2 In the Name column, find the name of the server to use, then identify its corresponding client IP address and port number (in the Local column). 3 Use this IP address and port number to configure the client application. Configuration steps vary for each client application. 6

Capture Clientless SSL VPN Data Task Using email via Application Access Remote System or End User Requirements Specifications or Use Suggestions Clicking a URL (such as one in an -email message) in an application running over Clientless SSL VPN does not open the site over Clientless SSL VPN. To open a site over Clientless SSL VPN, cut and paste the URL into the Enter (URL) Address field. Fulfill requirements for Application Access (See Using Applications) To use mail, start Application Access from the Clientless SSL VPN Home page. The mail client is then available for use. If you are using an IMAP client and you lose your mail server connection or are unable to make a new connection, close the IMAP application and restart Clientless SSL VPN. Other email clients We have tested Microsoft Outlook Express versions 5.5 and 6.0. Using email via Web Access Using email via email Proxy Web-based email product installed SSL-enabled mail application installed Do not set the ASA SSL version to TLSv1 Only. Outlook and Outlook Express do not support TLS. Mail application configured Supported products include: Outlook Web Access For best results, use OWA on Internet Explorer 8.x or higher, or Firefox 8.x. Lotus s Other web-based email products should also work, but we have not verified them. Supported mail applications: Microsoft Outlook Microsoft Outlook Express versions 5.5 and 6.0 Other SSL-enabled mail clients should also work, but we have not verified them. Capture Clientless SSL VPN Data The CLI capture command lets you log information about websites that do not display correctly over a Clientless SSL VPN connection. This data can help your Cisco customer support engineer troubleshoot problems. The following sections describe how to use the capture command: Create a Capture File, on page 8 Use a Browser to Display Capture Data, on page 8 7

Capture Clientless SSL VPN Data Enabling Clientless SSL VPN capture affects the performance of the ASA. Ensure that you switch off the capture after you generate the capture files needed for troubleshooting. Create a Capture File Procedure Step 1 Start the Clientless SSL VPN capture utility, to capture packets capture capture-name type webvpn user csslvpn-username capture-name is a name you assign to the capture, which is also prefixed to the name of the capture files. csslvpn-username is the username to match for capture. Example: hostname# capture hr type webvpn user user2 Step 2 Stop the capture by using the no version of the command: no capture capture-name Example: hostname# no capture hr The capture utility creates a capture-name.zip file, which is encrypted with the password koleso Step 3 Step 4 Send the.zip file to Cisco, or attach it to a Cisco TAC service request. To look at the contents of the.zip file, unzip it using the password koleso. Use a Browser to Display Capture Data Procedure Step 1 Start the Clientless SSL VPN capture utility: capture capture-name type webvpn user csslvpn-username capture-name is a name you assign to the capture, which is also prefixed to the name of the capture files. csslvpn-username is the username to match for capture. 8

Capture Clientless SSL VPN Data Example: hostname# capture hr type webvpn user user2 Step 2 Step 3 Open a browser and in the address box enter: https://ip address or hostname of the ASA/webvpn_capture.html The captured content displays in a sniffer format. Stop the capture by using the no version of the command: no capture capture-name Example: hostname# no capture hr 9

Capture Clientless SSL VPN Data 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback