Contents
Cisco ASA 5500 Series Configuration Guide using the CLI
Using Related Commands 72-5
CHAPTER 73 Configuring LAN-to-LAN IPsec VPNs 73-1
Summary of the Configuration 73-1
Configuring Interfaces 73-2
Configuring ISAKMP Policy and Enabling ISAKMP on the Outside Interface 73-3
Configuring ISAKMP Policies for IKEv1 Connections 73-4
Configuring ISAKMP Policies for IKEv2 Connections 73-4
Creating an IKEv1 Transform Set 73-5
Creating an IKEv2 Proposal 73-6
Configuring an ACL 73-7
Defining a Tunnel Group 73-7
Creating a Crypto Map and Applying It To an Interface 73-9
Applying Crypto Maps to Interfaces 73-10
CHAPTER 74 Configuring Clientless SSL VPN 74-1
Information About Clientless SSL VPN 74-1
Licensing Requirements 74-2
Prerequisites for Clientless SSL VPN 74-4
Guidelines and Limitations 74-4
Observing Clientless SSL VPN Security Precautions 74-5
Disabling URL on the Portal Page 74-6
Using SSL to Access the Central Site 74-6
Using HTTPS for Clientless SSL VPN Sessions 74-7
Configuring Clientless SSL VPN and ASDM Ports 74-7
Configuring Support for Proxy Servers 74-8
Configuring SSL/TLS Encryption Protocols 74-10
Authenticating with Digital Certificates 74-11
Enabling Cookies on Browsers for Clientless SSL VPN 74-11
Configuring Application Helper 74-11
Managing Passwords 74-12
Using Single Sign-on with Clientless SSL VPN 74-13
Configuring SSO with HTTP Basic or NTLM Authentication 74-14
Configuring SSO Authentication Using SiteMinder 74-15
Adding the Cisco Authentication Scheme to SiteMinder 74-16
Configuring SSO Authentication Using SAML Browser Post Profile 74-17
Configuring the SAML POST SSO Server 74-19
Configuring SSO with the HTTP Form Protocol 74-20