Re: SSL VPN downloadable client

From: WorkerBee (ciscobee@gmail.com)
Date: Tue Jun 12 2007 - 23:03:09 ART


Did you log in with Admin rights?

It only works on a PC with admin rights. Alternatively, you install the SSLVPN client
enabler using admin rights, and you can then access the SSLVPN applet download
on demand on a non-admin-rights PC.

On 6/13/07, Paul Dardinski <pauld@marshallcomm.com> wrote:
> All,
>
> Having problems getting the downloadable SSL VPN client to work. I have
> tried lowering my security level on the browser to nil to ensure no
> issues with active-x. Basically, log shows that the connection is being
> made, but then times out. I am using the config given on InternetworkExp
> labs below. I haven't ever worked with this before and it appears to me
> (at least at first glance) that there is never any authentication done
> (user), but I never get any access window to authent.
>
> I'm sure it's something silly I'm missing, but really want to figure out
> why it's not happening...
>
> PD (#16842)
>
> ASA1(config)# sh disk0:
> -#- --length-- -----date/time------ path
>  12 5623108    Apr 14 2007 06:34:14 asdm-522.bin
>  15 8312832    Apr 02 2007 11:46:52 asa722-k8.bin
>  16 416354     Jun 12 2007 23:52:36 sslclient-win-1.1.3.173.pkg
>
> 240975872 bytes available (14450688 bytes used)
>
> ASA1(config)# sh webvpn svc
> 1. disk0:/sslclient-win-1.1.3.173.pkg 1
>   CISCO STC win2k+ 1.0.0
>   1,1,3,173
>   Mon 12/11/2006 18:41:54.43
>
> 1 SSL VPN Client(s) installed
>
> ASA1(config)# sh run
> : Saved
> :
> ASA Version 7.2(2)
> !
> hostname ASA1
> enable password 8Ry2YjIyt7RRXU24 encrypted
> names
> !
> interface Ethernet0/0
>  nameif outside
>  security-level 0
>  ip address 136.1.123.12 255.255.255.0
> !
> interface Ethernet0/1
>  nameif inside
>  security-level 100
>  ip address 136.1.121.12 255.255.255.0
> !
> interface Ethernet0/2
>  shutdown
>  no nameif
>  no security-level
>  no ip address
> !
> interface Ethernet0/3
>  shutdown
>  no nameif
>  no security-level
>  no ip address
> !
> interface Management0/0
>  shutdown
>  no nameif
>  no security-level
>  no ip address
>  management-only
> !
> passwd 2KFQnbNIdI.2KYOU encrypted
> ftp mode passive
> access-list OUTSIDE extended permit ip any any
> pager lines 24
> logging enable
> logging buffered debugging
> mtu outside 1500
> mtu inside 1500
> ip local pool LAB 20.0.0.1-20.0.0.10
> no failover
> icmp unreachable rate-limit 1 burst-size 1
> no asdm history enable
> arp timeout 14400
> access-group OUTSIDE in interface outside
> !
> router rip
>  network 136.1.0.0
>  version 2
>  no auto-summary
> !
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
> timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
> timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
> timeout uauth 0:05:00 absolute
> group-policy SSLVPN internal
> group-policy SSLVPN attributes
>  vpn-tunnel-protocol webvpn
>  webvpn
>   svc required
>   svc keep-installer installed
> username CISCO password MUDcYoptEJqmU1HH encrypted
> username CISCO attributes
>  vpn-group-policy SSLVPN
> no snmp-server location
> no snmp-server contact
> snmp-server enable traps snmp authentication linkup linkdown coldstart
> tunnel-group SSLVPN type webvpn
> tunnel-group SSLVPN general-attributes
>  address-pool LAB
>  default-group-policy SSLVPN
> telnet timeout 5
> ssh timeout 5
> console timeout 0
> !
> class-map inspection_default
>  match default-inspection-traffic
> !
> !
> policy-map type inspect dns preset_dns_map
>  parameters
>   message-length maximum 512
> policy-map global_policy
>  class inspection_default
>   inspect dns preset_dns_map
>   inspect ftp
>   inspect h323 h225
>   inspect h323 ras
>   inspect rsh
>   inspect rtsp
>   inspect esmtp
>   inspect sqlnet
>   inspect skinny
>   inspect sunrpc
>   inspect xdmcp
>   inspect sip
>   inspect netbios
>   inspect tftp
> !
> service-policy global_policy global
> webvpn
>  enable outside
>  svc image disk0:/sslclient-win-1.1.3.173.pkg 1
>  svc enable
> prompt hostname context
> Cryptochecksum:cf33e10117008569b1f43ef154b29963
> : end
> ASA1(config)#