Re: Web VPN URL-List on ASA (8.0) from Waldir Montoya on 2009-05-13 (Ccielab archives 05/2009)

From: Waldir Montoya <wmontoya_at_divixsa.com>
Date: Wed, 13 May 2009 09:48:25 -0500

Yeah thanks for the info, less things to worry about.

2009/5/13 Sadiq Yakasai <sadiqtanko_at_gmail.com>

> Thanks Andrew! In that case, its then yet another case of one less
> technology to worry about as far as the new lab exam goes for the security
> then, eh? Since ASDM is not allowed in the exam.
>
> Thanks,
>
> On Wed, May 13, 2009 at 3:24 PM, Diment, Andrew <Andrew.Diment_at_qwest.com
> >wrote:
>
> > The URL-LIST is now gone, you have to use the XML file. The ASA has just
> > evolved to the point where you have to use the ASDM (at least for
> WebVPN).
> > You can create or modify and import an XML file manually but that is a
> > whole different ball game then configuring an ASA.
> >
> > Andy
> >
> > -----Original Message-----
> > From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> > Tomi Amao
> > Sent: Wednesday, May 13, 2009 8:26 AM
> > To: sadiqtanko_at_gmail.com
> > Cc: ccielab_at_groupstudy.com
> > Subject: RE: Web VPN URL-List on ASA (8.0)
> >
> > Sadiq,
> >
> >
> >
> > Yea you're right the feature has been limited to the import xml feature
> as
> > from ASA version 8.1. I've never really been able to set that up using
> the
> > import feature but it is possible, just a lil more difficult in my own
> > opinion. It's cleaner when done from the ASDM.
> >
> > Regards,
> >
> > Tomi
> >
> >
> >
> >
> >
> >
> > Date: Wed, 13 May 2009 14:22:00 +0100
> > Subject: Re: Web VPN URL-List on ASA (8.0)
> > From: sadiqtanko_at_gmail.com
> > To: tomiground_at_hotmail.com
> > CC: wmontoya_at_divixsa.com; ccielab_at_groupstudy.com
> >
> > Tomi,
> >
> > Yes, I get this feeling that it would be easier with from the ASDM
> > interface.
> > But I also think if its available from the ASDM, then it should be also
> > configurable via the CLI. I will give the ASDM a go, and see what config
> > that generates on the CLI config.
> >
> > Farouq,
> >
> > I am referring to url-lists (webvpn bookmarks). I am suspecting my
> browser
> > to be shagged. I will install FF, see if that works.
> >
> > Waldir,
> >
> > As pointed out by Tomi, that command seems to be depricated on the 8.x
> code
> > it seems. See below for a log message generated when I try to do that. I
> > have read about an option to import the list using xml, could it be that
> > they have restricted this feature to the import method then?
> >
> > Thanks a mil guys for taking out time to look at the this!
> >
> > Sadiq
> >
> > VPN(config)# group-policy WEBVPN attributes VPN(config-group-policy)#
> > vpn-tunnel-protocol webvpn VPN(config-group-policy)# webvpn
> > VPN(config-group-webvpn)# url-list ?
> >
> > config-group-webvpn mode commands/options:
> > none Specify an empty list of WebVPN servers/URLs
> > value Specify a list of WebVPN servers/URLs VPN(config-group-webvpn)#
> > url-list value WEB_URL_LIST
> > ERROR: No url-list "WEB_URL_LIST" exists.
> >
> >
> >
> >
> >
> > On Wed, May 13, 2009 at 2:12 PM, Tomi Amao <tomiground_at_hotmail.com>
> wrote:
> >
> >
> > Hi Walid,
> >
> > Yea this would work. But from ASA version 8.1 the url-list command has
> > been deprecated. So personally i feel learning how to go about it with
> the
> > ASDM would be a good choice.
> >
> > Regards,
> >
> > Tomi
> >
> >
> >
> >
> >
> > Date: Wed, 13 May 2009 08:08:02 -0500
> > Subject: Re: Web VPN URL-List on ASA (8.0)
> > From: wmontoya_at_divixsa.com
> > To: tomiground_at_hotmail.com
> > CC: sadiqtanko_at_gmail.com; ccielab_at_groupstudy.com
> >
> >
> >
> >
> > Under the group policy, then under webvpn you can tye url-list value
> "name"
> >
> >
> >
> > group-policy test attributes
> > vpn-access-hours none
> > vpn-simultaneous-logins 700
> > vpn-tunnel-protocol webvpn
> > webvpn
> > url-list value test
> >
> >
> >
> >
> > The smart-tunnel is something they came with to solve some issues about
> web
> > applications through the webvpn.
> >
> >
> >
> > 2009/5/13 Tomi Amao <tomiground_at_hotmail.com>
> >
> > Hi Sadiq,
> >
> >
> >
> > Well url-list no longer works like it used to in previous ASA versions.
> Now
> > u'd be better off configuring it from the ASDM. Enable ASDM on your ASA
> and
> > under remote-access i believe, configure your bookmarks and attach to
> your
> > group-policy that would get your url-list up. Also some advanced
> > customization techniques can be applied from the ASDM to provide a better
> > look-and-feel.
> >
> >
> > Regards,
> >
> > Tomi
> >
> >
> >
> >
> > > Date: Wed, 13 May 2009 12:43:00 +0100
> > > Subject: Web VPN URL-List on ASA (8.0)
> > > From: sadiqtanko_at_gmail.com
> > > To: security_at_groupstudy.com; ccielab_at_groupstudy.com
> >
> >
> >
> > >
> > > I have been trying to get URL-Listing on 8.0 code and having a tough
> > > time doing this. Also. when portforwarding is envoked on the PC, the
> > > page just hangs and nothing appears in the dialog box that launches on
> > > the webbrowser (after the I successfully log into the WebVPN page),
> > > although ASA says the vpn-session is established and connected. See
> > sample config for 8.0 below:
> > >
> > > username WEBUSER password oW41BWsG68c8N2FO encrypted
> > >
> > > webvpn
> > > enable Public
> > > port-forward PORTFORWARD 2023 191.1.118.10 telnet tunnel-group-list
> > > enable
> > >
> > > group-policy WEBVPN internal
> > > group-policy WEBVPN attributes
> > > vpn-tunnel-protocol webvpn
> > > webvpn
> > > port-forward name PORTFORWARD
> > > port-forward auto-start PORTFORWARD
> > > url-entry enable
> > >
> > > tunnel-group WEBVPN type remote-access tunnel-group WEBVPN
> > > general-attributes default-group-policy WEBVPN tunnel-group WEBVPN
> > > webvpn-attributes group-alias WEB enable
> > >
> > >
> > > Anyone knows if URL_List is even supported? They seem to be talking
> about
> > > some "Smart tunnels" feature. Is this like a replacement for the
> > URL-List?
> > I
> > > simply just dont see any information related to url-list on the config
> > guide
> > > for 8.0
> > >
> > > Thanks as usual guys,
> > > Sadiq
> > >
> > > --
> > > CCIE #19963
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> > _________________________________________________________________
> > Drag n drop Get easy photo sharing with Windows Live Photos.
> >
> > http://www.microsoft.com/windows/windowslive/products/photos.aspx
> >
> >
> >
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Invite your mail contacts to join your friends list with Windows Live
> > Spaces.
> > It's easy! Try it!
> >
> > --
> > CCIE #19963
> >
> > _________________________________________________________________
> > Show them the way! Add maps and directions to your party invites.
> > http://www.microsoft.com/windows/windowslive/products/events.aspx
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed May 13 2009 - 09:48:25 ART

This archive was generated by hypermail 2.2.0 : Mon Jun 01 2009 - 07:04:42 ART