RE: Web VPN URL-List on ASA (8.0)

From: Diment, Andrew <Andrew.Diment_at_qwest.com>
Date: Wed, 13 May 2009 09:24:15 -0500

The URL-LIST is now gone, you have to use the XML file. The ASA has just evolved to the point where you have to use the ASDM (at least for WebVPN). You can create or modify and import an XML file manually but that is a whole different ball game than configuring an ASA.

Andy

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Tomi Amao
Sent: Wednesday, May 13, 2009 8:26 AM
To: sadiqtanko_at_gmail.com
Cc: ccielab_at_groupstudy.com
Subject: RE: Web VPN URL-List on ASA (8.0)

Sadiq,

Yea you're right the feature has been limited to the import xml feature as from ASA version 8.1. I've never really been able to set that up using the import feature but it is possible, just a lil more difficult in my own opinion. It's cleaner when done from the ASDM.

Regards,

Tomi

Date: Wed, 13 May 2009 14:22:00 +0100
Subject: Re: Web VPN URL-List on ASA (8.0)
From: sadiqtanko_at_gmail.com
To: tomiground_at_hotmail.com
CC: wmontoya_at_divixsa.com; ccielab_at_groupstudy.com

Tomi,

Yes, I get this feeling that it would be easier from the ASDM interface.
But I also think if it's available from the ASDM, then it should also be configurable via the CLI. I will give the ASDM a go, and see what config that generates on the CLI config.

Farouq,

I am referring to url-lists (webvpn bookmarks). I am suspecting my browser to be shagged. I will install FF, see if that works.

Waldir,

As pointed out by Tomi, that command seems to be deprecated on the 8.x code it seems. See below for a log message generated when I try to do that. I have read about an option to import the list using xml, could it be that they have restricted this feature to the import method then?

Thanks a mil guys for taking out time to look at this!

Sadiq

VPN(config)# group-policy WEBVPN attributes
VPN(config-group-policy)# vpn-tunnel-protocol webvpn
VPN(config-group-policy)# webvpn
VPN(config-group-webvpn)# url-list ?

config-group-webvpn mode commands/options:
  none   Specify an empty list of WebVPN servers/URLs
  value  Specify a list of WebVPN servers/URLs
VPN(config-group-webvpn)# url-list value WEB_URL_LIST
ERROR: No url-list "WEB_URL_LIST" exists.

On Wed, May 13, 2009 at 2:12 PM, Tomi Amao <tomiground_at_hotmail.com> wrote:

Hi Walid,

Yea this would work. But from ASA version 8.1 the url-list command has been deprecated. So personally I feel learning how to go about it with the ASDM would be a good choice.

Regards,

Tomi

Date: Wed, 13 May 2009 08:08:02 -0500
Subject: Re: Web VPN URL-List on ASA (8.0)
From: wmontoya_at_divixsa.com
To: tomiground_at_hotmail.com
CC: sadiqtanko_at_gmail.com; ccielab_at_groupstudy.com

Under the group policy, then under webvpn you can type url-list value "name"

group-policy test attributes
 vpn-access-hours none
 vpn-simultaneous-logins 700
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value test

The smart-tunnel is something they came up with to solve some issues about web applications through the webvpn.

2009/5/13 Tomi Amao <tomiground_at_hotmail.com>

Hi Sadiq,

Well url-list no longer works like it used to in previous ASA versions. Now you'd be better off configuring it from the ASDM. Enable ASDM on your ASA and under remote-access I believe, configure your bookmarks and attach to your group-policy that would get your url-list up. Also some advanced customization techniques can be applied from the ASDM to provide a better look-and-feel.

Regards,

Tomi

> Date: Wed, 13 May 2009 12:43:00 +0100
> Subject: Web VPN URL-List on ASA (8.0)
> From: sadiqtanko_at_gmail.com
> To: security_at_groupstudy.com; ccielab_at_groupstudy.com

>
> I have been trying to get URL-Listing on 8.0 code and having a tough
> time doing this. Also, when port forwarding is invoked on the PC, the
> page just hangs and nothing appears in the dialog box that launches in
> the web browser (after I successfully log into the WebVPN page),
> although ASA says the vpn-session is established and connected. See sample config for 8.0 below:
>
> username WEBUSER password oW41BWsG68c8N2FO encrypted
>
> webvpn
> enable Public
> port-forward PORTFORWARD 2023 191.1.118.10 telnet
> tunnel-group-list enable
>
> group-policy WEBVPN internal
> group-policy WEBVPN attributes
> vpn-tunnel-protocol webvpn
> webvpn
> port-forward name PORTFORWARD
> port-forward auto-start PORTFORWARD
> url-entry enable
>
> tunnel-group WEBVPN type remote-access
> tunnel-group WEBVPN general-attributes
> default-group-policy WEBVPN
> tunnel-group WEBVPN webvpn-attributes
> group-alias WEB enable
>
>
> Anyone knows if URL_List is even supported? They seem to be talking about
> some "Smart tunnels" feature. Is this like a replacement for the URL-List? I
> simply just don't see any information related to url-list on the config guide
> for 8.0
>
> Thanks as usual guys,
> Sadiq
>
> --
> CCIE #19963
Received on Wed May 13 2009 - 09:24:15 ART

This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:42 ART