
Thursday, October 14, 2010

AnyConnect SSL VPN, CSD and DAP Configuration through ASDM

If you want to give full network access through an SSL-based tunnel, AnyConnect VPN is for you. Using AnyConnect, a remote user can send TCP, UDP or even ICMP packets, because the client installs a virtual adapter and the ASA routes whole IP packets through the tunnel; the clientless portal, by contrast, only proxies what the browser can carry. In this video I tried to configure the ASA, through ASDM, to accept both AnyConnect SSL VPN and clientless remote access SSL VPN. I also configured Cisco Secure Desktop and a Dynamic Access Policy for clientless remote users, but these are very simple configurations meant only to show how it works. You can even enable Advanced Endpoint Assessment on an emulated ASA.

PART 1




PART 2




PART 3


There are a few videos left that I want to make (Active/Active Failover, QoS, Advanced Protocol Handling). Then I will begin to study for IPS. I hope that I can get IPS working on a virtual machine; I haven't even tried it yet.

Saturday, October 9, 2010

GNS3 Topology: ASA Clientless Remote Access SSL (Web) VPN Configuration

The clientless SSL VPN feature is great. I really enjoyed learning it. When I first connected to a PC sitting on the inside network, or telnetted into a router through the ASA, with nothing but a browser, I was amazed. It is really cool. You should try this one :)



PART 1


PART 2


Initial Configurations

ASA1
hostname ASA-Izmir
int e0/0
   ip add 192.168.2.254 255.255.255.0
   nameif inside
   no shut
int e0/1
   ip add 157.55.1.254 255.255.255.0
   nameif outside
   no shut
! Default route to R1; 192.168.3.0/24 sits behind R2 on the inside
route outside 0 0 157.55.1.1 1
route inside 192.168.3.0 255.255.255.0 192.168.2.100
! Lab-only management access: any inside host may reach ASDM and telnet (cleartext).
! In production restrict the source to a management subnet and use ssh instead of telnet.
http server enable
http 0 0 inside
telnet 0 0 inside
telnet timeout 30
asdm image flash:/asdm.bin
! Pre-8.3 NAT: PAT every host of 192.168.2.0/24 to the outside interface address.
! 192.168.3.0/24 is not covered, so with nat-control on it cannot reach the outside
! unless a second "nat (inside) 1" line is added for it.
nat-control
global (outside) 1 interface
nat (inside) 1 192.168.2.0 255.255.255.0
! Only ping replies to the outside address are allowed in; everything else is denied
access-list acl_outside_in permit icmp any interface outside echo-reply
access-group acl_outside_in in interface outside
! Privilege-15 local admin used for ASDM (and, in the video, as the VPN user)
username levent password xxxxxxxx privilege 15

R2
interface FastEthernet0/0
 ip address 192.168.2.100 255.255.255.0
 no shut
!
interface FastEthernet1/0
 ip address 192.168.3.254 255.255.255.0
 no shut
!
ip route 0.0.0.0 0.0.0.0 192.168.2.254
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end

R1
enable secret xxxxxxxxx
interface FastEthernet0/0
 ip address 157.55.1.1 255.255.255.0
 no shut
!
interface FastEthernet1/0
 ip address 192.168.10.254 255.255.255.0
 no shut
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 logging synchronous
 login
!
end
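As an added example (not the configuration shown in the videos and not the author's ASDM output), here is the CLI equivalent of the SSL VPN setup from this post and from the AnyConnect/CSD/DAP post above, layered on the ASA-Izmir initial config. It uses the 8.0-8.2 syntax (`svc` keywords, `nat 0` exemption) that matches the `nat-control`/`global` commands on the page; the pool range, DNS server address, ACL/policy/tunnel-group names, the VPN-only username and the package file names are assumptions.

```cisco
! Added example: SSL VPN (AnyConnect full tunnel + clientless portal) on ASA-Izmir.
! Syntax is ASA 8.0-8.2; names, pool, DNS address and package file names are assumed.
!
! Address pool for AnyConnect clients (assumed range, unused elsewhere in the lab)
ip local pool SSLVPN-POOL 192.168.50.1-192.168.50.50 mask 255.255.255.0
!
! nat-control is on, so exempt inside<->VPN traffic from dynamic PAT (nat 0)
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list NONAT extended permit ip 192.168.3.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! Split tunnel: only the two inside subnets are routed through the tunnel
access-list SPLIT-TUNNEL standard permit 192.168.2.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 192.168.3.0 255.255.255.0
!
! Default setting, shown for clarity: decrypted VPN traffic bypasses acl_outside_in.
! Use "no sysopt connection permit-vpn" if VPN users must be filtered by interface ACLs.
sysopt connection permit-vpn
!
! Turn SSL VPN on for the outside interface, load the AnyConnect and CSD packages
webvpn
 enable outside
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc enable
 csd image disk0:/securedesktop-asa-3.4.2048-k9.pkg
 csd enable
 tunnel-group-list enable
!
! Full-tunnel policy for AnyConnect users
group-policy ANYCONNECT-GP internal
group-policy ANYCONNECT-GP attributes
 vpn-tunnel-protocol svc
 address-pools value SSLVPN-POOL
 dns-server value 192.168.2.10
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 webvpn
  svc keep-installer installed
  svc ask none default svc
!
tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 default-group-policy ANYCONNECT-GP
tunnel-group ANYCONNECT-TG webvpn-attributes
 group-alias anyconnect enable
!
! Browser-only policy: portal with bookmarks and a URL entry box, no tunnel
group-policy CLIENTLESS-GP internal
group-policy CLIENTLESS-GP attributes
 vpn-tunnel-protocol webvpn
 webvpn
  url-entry enable
!
tunnel-group CLIENTLESS-TG type remote-access
tunnel-group CLIENTLESS-TG general-attributes
 default-group-policy CLIENTLESS-GP
tunnel-group CLIENTLESS-TG webvpn-attributes
 group-alias clientless enable
!
! DAP record: the CLI only carries the action and message; the endpoint/AAA
! selection criteria (e.g. the CSD antivirus check) live in dap.xml, set via ASDM.
dynamic-access-policy-record NO-AV-TERMINATE
 user-message "Endpoint failed the Secure Desktop antivirus check"
 action terminate
 priority 10
!
! Separate VPN-only account (assumed): service-type remote-access blocks CLI/ASDM
! login with these credentials, unlike the privilege-15 admin user above.
username vpnuser password xxxxxxxx
username vpnuser attributes
 service-type remote-access
 vpn-group-policy ANYCONNECT-GP
```

With `tunnel-group-list enable` the two aliases appear as a drop-down on the login page, so one user can pick the portal or the client. The lab ASA serves its self-signed certificate, which AnyConnect will flag on every connection; outside a lab, enroll the ASA with a CA (`crypto ca trustpoint` plus `ssl trust-point NAME outside`) before rolling the client out.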

Thursday, October 7, 2010

GNS3 Topology: ASA Multicontext Mode Configuration

An ASA running in multiple context mode (virtual firewalls) is useful when you need more than one firewall, for example one per customer or department, on a single appliance. In this video you can see not only how to configure the virtual firewalls but also a simple NAT and ACL configuration. Please excuse the terrible web pages I used while testing the configuration; I am not a web designer, but the pages could have been better :)


PART 1


PART 2


PART 3


By the way, the list below is what you cannot do with an ASA configured in multiple context mode (this applies to the ASA 8.x software used here; check the release notes for your version, since newer releases lifted some of these restrictions):

No QoS
No IPsec VPN
No SSL VPN
No dynamic routing
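As an added example (not the configuration from the video), here is what a two-customer multiple-context setup looks like on the CLI, using the same physical ports as the clientless post's topology: Ethernet0/1 is the shared outside port and Ethernet0/0 carries one VLAN subinterface per context. The context names, VLAN IDs, addresses and config file names are assumptions, and `mac-address auto` is assumed to work on the emulated ASA.

```cisco
! Added example: two customer contexts sharing one outside port (ASA 8.x syntax).
! Entered in the system execution space after "mode multiple", which reboots the ASA.
! Context names, VLAN IDs, addresses and file names are assumed.
!
interface Ethernet0/0
 no shutdown
interface Ethernet0/0.10
 vlan 10
interface Ethernet0/0.20
 vlan 20
interface Ethernet0/1
 no shutdown
!
! Shared interface: give every context its own MAC so the classifier can assign
! ingress frames by destination MAC. Without it the ASA classifies by destination IP,
! which only works while each context owns distinct NAT/global addresses.
mac-address auto
!
admin-context admin
context admin
 allocate-interface Ethernet0/1
 config-url disk0:/admin.cfg
!
context CUST-A
 allocate-interface Ethernet0/1
 allocate-interface Ethernet0/0.10
 config-url disk0:/cust-a.cfg
!
context CUST-B
 allocate-interface Ethernet0/1
 allocate-interface Ethernet0/0.20
 config-url disk0:/cust-b.cfg
!
! ---- inside context CUST-A (after "changeto context CUST-A") ----
! Each context addresses the shared outside segment with its own IP.
interface Ethernet0/1
 nameif outside
 security-level 0
 ip address 157.55.1.10 255.255.255.0
interface Ethernet0/0.10
 nameif inside
 security-level 100
 ip address 10.10.1.1 255.255.255.0
route outside 0 0 157.55.1.1
!
! Per-context NAT: PAT outbound, static translation for the customer's web server
nat-control
global (outside) 1 interface
nat (inside) 1 10.10.1.0 255.255.255.0
static (inside,outside) tcp interface www 10.10.1.80 www netmask 255.255.255.255
!
! Only port 80 to the published server is allowed in from the outside
access-list OUT-IN extended permit tcp any interface outside eq www
access-group OUT-IN in interface outside
! CUST-B is configured the same way with VLAN 20, 157.55.1.20 and its own inside subnet.
```

Each context is a separate failure domain for policy but not for the box: a resource-hungry context can still starve the others, so in production the `class` / `member` resource limits in the system space belong next to this configuration.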

Monday, October 4, 2010

GNS3 Topology: Certificate-Based Remote Access IPsec VPN

This video shows the configuration steps for an ASA to accept remote access IPsec VPN clients using certificates. Before I started, I installed Active Directory, IIS, Certificate Services and SCEP on a Windows server. Active Directory is optional of course; you can simply install a standalone CA. I wish I could have shown the Windows configuration in more detail, but unfortunately my computer is not powerful enough to run the server and the recording software together. The other steps of the remote access VPN configuration, like split tunneling or NAT transparency (NAT-T), are the same as in the classic (pre-shared-key) remote access VPN configuration. Enjoy!



PART 2
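As an added example (not the configuration from the video), here is the CLI side of the certificate-based remote access setup on ASA-Izmir: SCEP enrollment against the Windows CA, a certificate map that steers only certificates from that CA with a given OU into the tunnel-group, and IKE with RSA signatures in place of the pre-shared key. The CA address and SCEP URL, trustpoint and map names, subject fields, pool and policy names are assumptions.

```cisco
! Added example: certificate-authenticated IPsec remote access on ASA-Izmir (8.0-8.2 syntax).
! CA address/URL, trustpoint, subject fields, pool and policy names are assumed.
!
! 1. Key pair and SCEP enrollment against the Windows CA on the inside network
crypto key generate rsa label VPN-KEY modulus 2048
crypto ca trustpoint WIN-CA
 enrollment url http://192.168.2.10/certsrv/mscep/mscep.dll
 keypair VPN-KEY
 subject-name CN=ASA-Izmir,OU=VPN,O=Lab
 fqdn asa-izmir.lab.local
 revocation-check none
!  lab only: switch to "revocation-check crl" once the CA's CDP is reachable,
!  otherwise a revoked client certificate is still accepted
crypto ca authenticate WIN-CA
!  exec command: compare the printed fingerprint with the CA before answering yes
crypto ca enroll WIN-CA
!  exec command: prompts for the SCEP challenge password shown by mscep_admin
!
! 2. Map client certificates to the tunnel-group by issuer and OU
crypto ca certificate map VPN-CERT-MAP 10
 issuer-name attr cn eq Lab-CA
 subject-name attr ou eq VPN
tunnel-group-map enable rules
tunnel-group-map VPN-CERT-MAP 10 CERT-RA-TG
!
! 3. IKE phase 1 with RSA signatures instead of a pre-shared key; NAT-T on
crypto isakmp enable outside
crypto isakmp policy 10
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 20
!
! 4. Phase 2 via a dynamic crypto map (clients arrive from unknown addresses)
crypto ipsec transform-set AES-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map DYN-MAP 10 set transform-set AES-SHA
crypto dynamic-map DYN-MAP 10 set reverse-route
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
!
! 5. Pool, NAT exemption and split tunnel, identical to the pre-shared-key variant
ip local pool RA-POOL 192.168.60.1-192.168.60.50 mask 255.255.255.0
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.60.0 255.255.255.0
nat (inside) 0 access-list NONAT
access-list SPLIT-TUNNEL standard permit 192.168.2.0 255.255.255.0
group-policy CERT-RA-GP internal
group-policy CERT-RA-GP attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
!
! 6. Tunnel-group: the trustpoint selects the ASA's own certificate for IKE;
!    XAUTH (the default) still asks the user for credentials on top of the certificate
tunnel-group CERT-RA-TG type remote-access
tunnel-group CERT-RA-TG general-attributes
 address-pool RA-POOL
 default-group-policy CERT-RA-GP
tunnel-group CERT-RA-TG ipsec-attributes
 trust-point WIN-CA
```

The client needs a certificate from the same CA with OU=VPN in its subject (issued through the CA web enrollment pages or SCEP) imported into the VPN client's certificate store; a certificate from any other issuer, or with a different OU, does not match the map and is rejected before XAUTH. `show crypto ca certificates` and `debug crypto isakmp 127` are the first places to look when phase 1 fails with a certificate error.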