Packet Tracer lab 16 : Clientless SSL VPN

Lab instructions

SSL VPN technology can be configured in three ways :

  • Thin Client VPN
  • SSL VPN Client
  • Clientless SSL VPN (WebVPN)

Clientless SSL VPN is a technology allowing limited but secure access to internal network resources from any location using a web browser. No specific VPN client is needed; a remote user only needs an SSL-enabled web browser to access http- or https-enabled web servers on the internal network. This technology is available on the ASA 5505 firewall and has been implemented in the Packet Tracer 7.1 network simulator.


Firewall configuration to apply in this lab:

  • Outside IP : 192.168.1.1/24
  • Inside IP : 192.168.2.1/24
  • User login : test
  • User password : test.test
  • Website IP : site 1

 

Network diagram

 Packet Tracer 6.1 - ASA 5505 clientless SSL VPN network diagram

Solution

1. Create the bookmark site1 pointing to the URL http://192.168.2.3 on the ASA 5505 firewall

2. Apply the following configuration to the firewall :

interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
webvpn
 enable outside
object network LAN
 subnet 192.168.2.0 255.255.255.0
!
object network LAN
 nat (inside,outside) dynamic interface
!
group-policy group1 internal
group-policy group1 attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value site1
username test password D35rLrqYJOMRHDCX encrypted
username test attributes
 vpn-group-policy group1
!
!
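The configuration above only restricts the user if the chain username -> vpn-group-policy -> vpn-tunnel-protocol ssl-clientless -> url-list is complete. The following Python check is an added example, not part of the original lab; it audits that chain on the VPN policy lines copied from the solution, and the function names sections and audit are hypothetical.

```python
import re

# VPN policy lines copied from the lab solution above (interfaces and NAT omitted).
CONFIG = """\
webvpn
 enable outside
group-policy group1 internal
group-policy group1 attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-list value site1
username test password D35rLrqYJOMRHDCX encrypted
username test attributes
 vpn-group-policy group1
"""

def sections(text):
    """Map each top-level command to the list of its indented sub-commands."""
    out, cur = {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if line[0].isspace():
            cur.append(line.strip())
        else:
            cur = out.setdefault(line.strip(), [])
    return out

def audit(text):
    """Return findings where the user -> group-policy -> clientless chain breaks."""
    sec, findings = sections(text), []
    users = {m.group(1) for h in sec if (m := re.match(r"username (\S+) password ", h))}
    for user in sorted(users):
        attrs = sec.get(f"username {user} attributes", [])
        policy = next((a.split()[1] for a in attrs if a.startswith("vpn-group-policy ")), None)
        if policy is None:
            findings.append(f"{user}: no vpn-group-policy, default group policy applies")
            continue
        body = sec.get(f"group-policy {policy} attributes")
        if body is None:
            findings.append(f"{user}: group-policy {policy} is not defined")
            continue
        protos = next((b.split()[1:] for b in body if b.startswith("vpn-tunnel-protocol ")), [])
        if protos != ["ssl-clientless"]:
            findings.append(f"{policy}: tunnel protocols {protos} not limited to ssl-clientless")
        if not any(b.startswith("url-list value ") for b in body):
            findings.append(f"{policy}: no url-list bookmark assigned")
    if not any(s.startswith("enable ") for s in sec.get("webvpn", [])):
        findings.append("webvpn is not enabled on any interface")
    return findings
```

An empty list from audit(CONFIG) means the user test is bound to group1, group1 allows only clientless SSL, and the site1 bookmark is attached.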

 
