Advanced Cisco Adaptive Security Appliance. (Chapter 10)

1. Chapter 10: Advanced Cisco Adaptive Security Appliance

CCNA Security v2.0

2. Chapter Outline

10.0 Introduction
10.1 ASA Security Device Manager
10.2 ASA VPN Configuration
10.3 Summary
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Public

3. Section 10.1: ASA Security Device Manager

Upon completion of this section, you should be able to:
• Configure an ASA to provide basic firewall services using ASDM.
• Configure an ASA to provide additional firewall services using ASDM wizards.
• Configure management settings and services in an ASA using ASDM.
• Configure object groups on an ASA.

4. Topic 10.1.1: Introduction to ASDM


5. Overview of ASDM


6. Preparing for ASDM

Preparing the ASA 5505
Verify Connectivity to the ASA

7. Starting ASDM

ASDM Security Certificate
ASDM Launch Window

8. Starting ASDM (Cont.)

ASDM Security Warning - 1
ASDM Security Warning - 2

9. Starting ASDM (Cont.)

Authenticate to Use ASDM
Smart Call Home Window

10. ASDM Home Page Dashboards

ASDM Device Dashboard Page

11. ASDM Home Page Dashboards (Cont.)

ASDM Firewall Dashboard Page

12. ASDM Page Elements


13. ASDM Configuration and Monitoring Views

Configuration View

14. ASDM Configuration and Monitoring Views (Cont.)

Monitoring View

15. Configure and Access on an ASA5505


16. Topic 10.1.2: ASDM Wizard Menu


17. ASDM Wizards


18. The Startup Wizard

Startup Wizard Starting Point Window
Startup Wizard Basic Configuration Window

19. The Startup Wizard (Cont.)

Startup Wizard Interface Selection Window
Startup Wizard Switch Port Allocation Window

20. The Startup Wizard (Cont.)

Startup Wizard Interface IP Address Configuration Window
Startup Wizard DHCP Server Window

21. The Startup Wizard (Cont.)

Startup Wizard Address Translation (NAT/PAT) Window
Startup Wizard Administrative Access Window

22. The Startup Wizard (Cont.)

Startup Wizard Summary Window

23. Different Types of VPN Wizards

ASDM VPN Wizards
ASDM Remote Access VPN Assistant

24. Other Wizards


25. Topic 10.1.3: Configuring Management Settings and Services


26. Configuring Settings in ASDM

Configuration Device Setup Tab

27. Configuring Settings in ASDM (Cont.)

Configuration Device Management Tab

28. Configuring Basic Settings in ASDM

Configuring Hostname, Domain Name, and Enable Password
Configuring a Master Passphrase

29. Configuring Basic Settings in ASDM (Cont.)

Configuring Legal Notification

30. Configuring Interfaces in ASDM

Configuring Interfaces

31. Configuring Interfaces in ASDM (Cont.)

Adding an Outside Interface
Change Switch Port Window

32. Configuring Interfaces in ASDM (Cont.)

Adding an Outside Interface

33. Configuring Interfaces in ASDM (Cont.)

Advanced Outside Interface Settings
Updated Interface Page

34. Configuring Interfaces in ASDM (Cont.)

Verifying Interfaces

35. Configuring Interfaces in ASDM (Cont.)

Enable Switch Ports
Apply Configuration

36. Configuring the System Time in ASDM

Manually Change the System Time
Use NTP to Change the System Time

37. Configuring the System Time in ASDM (Cont.)

Add an NTP Server
Configure an NTP Server

38. Configuring the System Time in ASDM (Cont.)

Apply the Configuration

39. Configuring Routing in ASDM

Configuring Routing
Configuring a Default Static Route

40. Configuring Routing in ASDM (Cont.)

Add or Edit Route Window
Add Static Route Details

41. Configuring Routing in ASDM (Cont.)

Apply the Configuration

42. Configuring Device Management Access in ASDM

Configure ASDM/HTTPS/Telnet/SSH Access

43. Configuring Device Management Access in ASDM (Cont.)

Add Device Access Configuration Window
Configure SSH Settings

44. Configuring DHCP Services in ASDM

DHCP Server Page

45. Configuring DHCP Services in ASDM (Cont.)

Edit DHCP Server Window

46. Configuring DHCP Services in ASDM (Cont.)

Configuring DHCP Server Services

47. Configuring DHCP Services in ASDM (Cont.)

Verifying DHCP Server Services

48. Topic 10.1.4: Configuring Advanced ASDM Features


49. Objects in ASDM

Network Objects/Groups Page

50. Objects in ASDM (Cont.)

Adding a Network Object/Group
Add Network Object Window

51. Objects in ASDM (Cont.)

Add Network Object Group Window

52. Objects in ASDM (Cont.)

Service Objects/Group Page

53. Objects in ASDM (Cont.)

Adding a Service Object/Group
Add Service Object Window

54. Objects in ASDM (Cont.)

Add Service Object Group Window

55. Configuring ACLs Using ASDM

ACLs in ASDM

56. Configuring ACLs Using ASDM (Cont.)

Add Access Rule Window
Diagramming Access Rules

57. Configuring Dynamic NAT in ASDM

Add Network Object Window
Creating a Network Object for Public Addresses

58. Configuring Dynamic NAT in ASDM (Cont.)

Creating a Network Object for Dynamic NAT

59. Configuring Dynamic PAT in ASDM


60. Configuring Static NAT in ASDM

Static NAT in ASDM
Advanced Static NAT Settings in ASDM

61. Configuring AAA Authentication

User Accounts Page

62. Configuring AAA Authentication (Cont.)

Add User Account Window

63. Configuring AAA Authentication (Cont.)

AAA Server Groups Page

64. Configuring AAA Authentication (Cont.)

Add AAA Server Group Window
Add AAA Server Window

65. Configuring AAA Authentication (Cont.)

Completed AAA Server Groups Window

66. Configuring AAA Authentication (Cont.)

AAA Access Page

67. Configuring AAA Authentication (Cont.)

AAA Access > Authentication Window

68. Configuring a Service Policy Using ASDM

Service Policy in ASDM

69. Configuring a Service Policy Using ASDM (Cont.)

Configure a Service Policy

70. Configuring a Service Policy Using ASDM (Cont.)

Configure Traffic Classification Criteria

71. Configuring a Service Policy Using ASDM (Cont.)

Configure Actions

72. Section 10.2: ASA VPN Configuration

Upon completion of this section, you should be able to:
• Explain how the ASA supports site-to-site VPNs.
• Configure remote-access VPNs on an ASA.
• Configure remote-access VPN support using a clientless SSL VPN.
• Configure remote-access VPN support using Cisco AnyConnect.

73. Topic 10.2.1: Site-to-Site VPNs


74. ASA Support for Site-to-Site VPNs


75. ASA Site-to-Site VPNs Using ASDM


76. Configuring the ISR Site-to-Site VPNs Using the CLI

Basic ISR Configuration
Configure the ISAKMP Policy

77. Configuring the ISR Site-to-Site VPNs Using the CLI (Cont.)

Configure the IPsec and VPN ACL
Configure and Apply the Crypto Map

78. Configuring the ASA Site-to-Site VPNs Using ASDM

Basic ISR Configuration

79. Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

Introduction Window
Peer Device Identification Window

80. Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

Traffic to Protect Window
Security Window

81. Configuring the ASA Site-to-Site VPNs Using ASDM (Cont.)

NAT Exempt Window
Summary Window

82. Verifying Site-to-Site VPNs Using ASDM


83. Test the Site-to-Site VPNs Using ASDM

Establish the VPN Tunnel Connection to the Remote Network

84. Test the Site-to-Site VPNs Using ASDM (Cont.)

Monitoring the VPN Tunnel

85. Test the Site-to-Site VPNs Using ASDM (Cont.)

Verify VPN Tunnel Connectivity from the External Host

86. Topic 10.2.2: Remote-Access VPNs


87. Remote-Access VPN Options


88. IPsec Versus SSL


89. IPsec Versus SSL (Cont.)

Comparing IPsec and SSL

90. ASA SSL VPNs

Remote Access VPN Wizards

91. ASA SSL VPNs (Cont.)

Cisco ASA SSL Remote Access VPN Solutions

92. Clientless SSL VPN Solution

Cisco ASA Clientless SSL VPN Deployment

93. Clientless SSL VPN Solution (Cont.)

Clientless Login Web page
Web Portal Home Page

94. Client-Based SSL VPN Solution


95. Cisco AnyConnect Secure Mobility Client

AnyConnect Connection Window
AnyConnect Authenticate Window

96. Cisco AnyConnect Secure Mobility Client (Cont.)

AnyConnect Authenticated Window
AnyConnect Statistics Window

97. AnyConnect for Mobile Devices

Cisco AnyConnect Secure Mobility Client is available on the following platforms:
• iOS
• Android
• BlackBerry
• Windows Mobile

98. Topic 10.2.3: Configuring Clientless SSL VPN


99. Configuring Clientless SSL VPN on an ASA

ASDM Assistant
Clientless VPN Wizard

100. Sample Clientless VPN Topology


101. Clientless SSL VPN

Introduction Window
SSL VPN Interface Window

102. Clientless SSL VPN (Cont.)

User Authentication Window
Group Policy Window

103. Clientless SSL VPN (Cont.)

Bookmark List Window
Configure GUI Customization Objects Window

104. Clientless SSL VPN (Cont.)

Add Bookmark List Window
Select Bookmark Type Window

105. Clientless SSL VPN (Cont.)

Add Bookmark Window
Revised Add Bookmark List Window

106. Clientless SSL VPN (Cont.)

Revised Configure GUI Customization Objects Window
Revised Bookmark List Window

107. Clientless SSL VPN (Cont.)

Summary Window

108. Verifying Clientless SSL VPN


109. Testing the Clientless SSL VPN Connection

Security Certificate Window
Logon Window

110. Testing the Clientless SSL VPN Connection (Cont.)

Web Portal Home Page
Web Portal Web Access Page

111. Testing the Clientless SSL VPN Connection (Cont.)

Web Portal File Access Page
Log Out of the Web Portal

112. Viewing the Generated CLI Config


113. Topic 10.2.4: Configuring AnyConnect SSL VPN


114. Configuring SSL VPN AnyConnect

ASDM Assistant
Client-Based VPN Wizard

115. Sample SSL VPN Topology


116. AnyConnect SSL VPN

AnyConnect VPN Wizard Introduction Window
Connection Profile Identification Window

117. AnyConnect SSL VPN (Cont.)

VPN Protocols Window

118. AnyConnect SSL VPN (Cont.)

Client Images Window
Add AnyConnect Client Image Window

119. AnyConnect SSL VPN (Cont.)

Browse Flash Window
Add AnyConnect Client Image Window

120. AnyConnect SSL VPN (Cont.)

Completed Client Images Window

121. AnyConnect SSL VPN (Cont.)

Authentication Methods Window

122. AnyConnect SSL VPN (Cont.)

Client Address Management Window
Add IPv4 Window

123. AnyConnect SSL VPN (Cont.)

Completed Client Address Management Window
Network Name Resolution Servers Window

124. AnyConnect SSL VPN (Cont.)

Completed Network Name Resolution Servers Window

125. AnyConnect SSL VPN (Cont.)

NAT Exempt Window
Completed NAT Exempt Window

126. AnyConnect SSL VPN (Cont.)

AnyConnect Client Deployment
Summary Window

127. Verifying AnyConnect Connection

AnyConnect Connection Profiles Page

128. Verifying AnyConnect Connection (Cont.)

Verifying the Client-Based Configuration

129. Install the AnyConnect Client

Security Certificate Window
Logon Window

130. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Client Window
Manual Installation Window

131. Install the AnyConnect Client (Cont.)

Run Installer Window

132. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Client Setup Window

133. Install the AnyConnect Client (Cont.)

End-User Agreement Window
User Account Control Security Window

134. Install the AnyConnect Client (Cont.)

Ready to Install AnyConnect Client
Installing the AnyConnect Client

135. Install the AnyConnect Client (Cont.)

Complete Cisco AnyConnect VPN Installation

136. Install the AnyConnect Client (Cont.)

Start the Cisco AnyConnect VPN
Cisco
Cisco AnyConnect VPN Client Window

137. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Connect Window
Certificate Security Warning Window

138. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Authentication Window
Cisco AnyConnect VPN Icon in System Tray

139. Install the AnyConnect Client (Cont.)

Cisco AnyConnect VPN Client Status
Verifying Connectivity to Internal Network

140. Viewing the Generated CLI Config

AnyConnect SSL VPN Configuration settings:
• NAT
• WebVPN
• Group policy
• Tunnel group

141. Section 10.3: Summary

Chapter Objectives:
• Implement an ASA firewall configuration.
• Configure remote-access VPNs on an ASA.

142.

Thank you.

143. Instructor Resources

• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.