RE: Web VPN URL-List on ASA (8.0)

Sadiq,

Yea you're right the feature has been limited to the import xml feature as
from ASA version 8.1. I've never really been able to set that up using the
import feature but it is possible, just a lil more difficult in my own
opinion. It's cleaner when done from the ASDM.

Regards,

Tomi

Date: Wed, 13 May 2009 14:22:00 +0100
Subject: Re: Web VPN URL-List on ASA (8.0)
From: sadiqtanko_at_gmail.com
To: tomiground_at_hotmail.com
CC: wmontoya_at_divixsa.com; ccielab_at_groupstudy.com

Tomi,

Yes, I get this feeling that it would be easier with from the ASDM interface.
But I also think if its available from the ASDM, then it should be also
configurable via the CLI. I will give the ASDM a go, and see what config that
generates on the CLI config.

Farouq,

I am referring to url-lists (webvpn bookmarks). I am suspecting my browser to
be shagged. I will install FF, see if that works.

Waldir,

As pointed out by Tomi, that command seems to be depricated on the 8.x code it
seems. See below for a log message generated when I try to do that. I have
read about an option to import the list using xml, could it be that they have
restricted this feature to the import method then?

Thanks a mil guys for taking out time to look at the this!

Sadiq

VPN(config)# group-policy WEBVPN attributes
VPN(config-group-policy)# vpn-tunnel-protocol webvpn
VPN(config-group-policy)# webvpn
VPN(config-group-webvpn)# url-list ?

config-group-webvpn mode commands/options:
  none Specify an empty list of WebVPN servers/URLs
  value Specify a list of WebVPN servers/URLs
VPN(config-group-webvpn)# url-list value WEB_URL_LIST
ERROR: No url-list "WEB_URL_LIST" exists.

On Wed, May 13, 2009 at 2:12 PM, Tomi Amao <tomiground_at_hotmail.com> wrote:

Hi Walid,

Yea this would work. But from ASA version 8.1 the url-list command has been
deprecated. So personally i feel learning how to go about it with the ASDM
would be a good choice.

Regards,

Tomi

Date: Wed, 13 May 2009 08:08:02 -0500
Subject: Re: Web VPN URL-List on ASA (8.0)
From: wmontoya_at_divixsa.com
To: tomiground_at_hotmail.com
CC: sadiqtanko_at_gmail.com; ccielab_at_groupstudy.com

Under the group policy, then under webvpn you can tye url-list value "name"

group-policy test attributes
 vpn-access-hours none
 vpn-simultaneous-logins 700
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value test

The smart-tunnel is something they came with to solve some issues about web
applications through the webvpn.

2009/5/13 Tomi Amao <tomiground_at_hotmail.com>

Hi Sadiq,

Well url-list no longer works like it used to in previous ASA versions. Now
u'd be better off configuring it from the ASDM. Enable ASDM on your ASA and
under remote-access i believe, configure your bookmarks and attach to your
group-policy that would get your url-list up. Also some advanced
customization
techniques can be applied from the ASDM to provide a better look-and-feel.

Regards,

Tomi

> Date: Wed, 13 May 2009 12:43:00 +0100
> Subject: Web VPN URL-List on ASA (8.0)
> From: sadiqtanko_at_gmail.com
> To: security_at_groupstudy.com; ccielab_at_groupstudy.com

>
> I have been trying to get URL-Listing on 8.0 code and having a tough time
> doing this. Also. when portforwarding is envoked on the PC, the page just
> hangs and nothing appears in the dialog box that launches on the webbrowser
> (after the I successfully log into the WebVPN page), although ASA says the
> vpn-session is established and connected. See sample config for 8.0 below:
>
> username WEBUSER password oW41BWsG68c8N2FO encrypted
>
> webvpn
> enable Public
> port-forward PORTFORWARD 2023 191.1.118.10 telnet
> tunnel-group-list enable
>
> group-policy WEBVPN internal
> group-policy WEBVPN attributes
> vpn-tunnel-protocol webvpn
> webvpn
> port-forward name PORTFORWARD
> port-forward auto-start PORTFORWARD
> url-entry enable
>
> tunnel-group WEBVPN type remote-access
> tunnel-group WEBVPN general-attributes
> default-group-policy WEBVPN
> tunnel-group WEBVPN webvpn-attributes
> group-alias WEB enable
>
>
> Anyone knows if URL_List is even supported? They seem to be talking about
> some "Smart tunnels" feature. Is this like a replacement for the URL-List?
I
> simply just dont see any information related to url-list on the config
guide
> for 8.0
>
> Thanks as usual guys,
> Sadiq
>
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
Received on Wed May 13 2009 - 14:26:00 ART