Packet Tracer lab 16 : Clientless SSL VPN

: Last Updated: 06 October 2024

Lab instructions

SSL VPN technology can be configured in three ways :

Thin Client VPN
SSL VPN Client
Clientless SSL VPN (WebVPN)

Clientless SSL VPN is a technology allowing limited but secure access to internal network ressources from any location using a web browser. No specific VPN client is needed, a remote user only needs an SSL-enabled web browser to access http- or https-enabled web servers on the internal network. This technology is available on ASA 5505 firewall and has been implemented in Packet Tracer 8.2 network simulator.

Firewall configuration to apply in this lab:

Outside IP : 192.168.1.1/24
Inside IP : 192.168.2.1/24
User login : test
User password : test.test
Website IP : site 1

Network diagram

Packet Tracer 6.1 - ASA 5505 clientless SSL VPN network diagram

Solution

1. Create the bookmark site1 to the URL http://192.168.2.3 on the ASA 5505 firewall

2. Apply the following configuration to the firewall :

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
webvpn
 enable outside
object network LAN
 subnet 192.168.2.0 255.255.255.0
!
object network LAN
 nat (inside,outside) dynamic interface
!
group-policy group1 internal
group-policy group1 attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value site1
username test password D35rLrqYJOMRHDCX encrypted
username test attributes
 vpn-group-policy group1
!
!