CLIENTLESS MODE:
ASA1:
username user1 password user1
webvpn
enable OUTSIDE
! Use port 4443 to avoid a conflict between ASDM and WebVPN on port 443
port 4443
!
Run Notepad as administrator on your PC, open the file "HOSTS" (location: C:/windows/system32/drivers/etc), map the entry for www.ssl.com to the address 10.1.3.10, and save it.
Now, open your browser and go to https://www.ssl.com
Log in with username (user1) and password (user1).
It gives us 4 options: http, https, cifs, ftp.
CUSTOMIZING THE OPTIONS:
ASA1:
group-policy MYPOLICY internal
group-policy MYPOLICY attributes
banner value WELCOME TO CISCO
client-firewall none
webvpn
file-browsing enable
file-entry enable
!
!
access-list SSL webtype permit url cifs://10.1.1.7
access-list SSL webtype permit url http://10.1.2.1
group-policy MYPOLICY attributes
webvpn
filter value SSL
!
!
tunnel-group CCIE type remote-access
tunnel-group CCIE general-attributes
default-group-policy MYPOLICY
!
tunnel-group CCIE webvpn-attributes
without-csd
group-alias NH
!
webvpn
tunnel-group-list enable
!
username user1 attributes
vpn-tunnel-protocol ssl-clientless ssl-client
group-lock value CCIE
!
Now, open your browser and go to https://www.ssl.com.
It will prompt for the username and password along with the group. If we log in, it also shows the banner message.
THIN CLIENT MODE:
ASA1:
webvpn
port-forward PORT 2323 10.1.2.1 23
group-policy MYPOLICY attributes
webvpn
!
access-list SSL webtype permit tcp host 10.1.2.1 eq 23
Now, open your browser, go to https://www.ssl.com and log in.
We get an additional tab through which we can install the applet. Once installed, the applet shows the local address and port number to use in order to telnet to the telnet server.
From our PC, telnet to 127.0.0.1:2323 and ASA1 will automatically redirect the request to the telnet server.
CAPTURED PACKET:
The data is sent encrypted inside the SSL tunnel (between ASA1 and the external PC).
The data is sent in plaintext between ASA1 and the internal server.
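Because only the outside leg is protected by SSL, it helps to list which configured back-end legs are plaintext before deploying. The following is an added example, not part of the original lab: a small Python audit (the `audit` function and `CLEARTEXT` table are hypothetical names) run over the configuration lines from this page.

```python
import re

# Constructed input: the ASA1 commands typed in this lab, gathered into one string.
ASA_CONFIG = """\
username user1 password user1
webvpn
enable OUTSIDE
port 4443
port-forward PORT 2323 10.1.2.1 23
access-list SSL webtype permit url cifs://10.1.1.7
access-list SSL webtype permit url http://10.1.2.1
access-list SSL webtype permit tcp host 10.1.2.1 eq 23
"""

# Assumption: services treated as cleartext on the ASA-to-server leg.
# Both port numbers and the service names ASA may print are accepted.
CLEARTEXT = {"21": "ftp", "23": "telnet", "80": "http",
             "ftp": "ftp", "telnet": "telnet", "www": "http", "http": "http"}

def audit(config):
    """Return (line, finding) pairs for cleartext back-end legs and weak local users."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        # Only meaningful on typed config; a running-config shows the password hashed.
        m = re.match(r"username (\S+) password (\S+)", line)
        if m and m.group(1) == m.group(2):
            findings.append((line, "local password equals username"))
        m = re.match(r"port-forward (\S+) (\d+) (\S+) (\S+)", line)
        if m and m.group(4) in CLEARTEXT:
            findings.append((line, f"forwards to cleartext {CLEARTEXT[m.group(4)]} on {m.group(3)}"))
        m = re.match(r"access-list \S+ webtype permit url (\w+)://(\S+)", line)
        if m and m.group(1).lower() in CLEARTEXT:
            findings.append((line, f"permits cleartext {m.group(1).lower()} to {m.group(2)}"))
        m = re.match(r"access-list \S+ webtype permit tcp host (\S+) eq (\S+)", line)
        if m and m.group(2) in CLEARTEXT:
            findings.append((line, f"permits cleartext {CLEARTEXT[m.group(2)]} to {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for line, finding in audit(ASA_CONFIG):
        print(f"{finding}: {line}")
```

Each finding marks a flow whose ASA1-to-server leg would appear readable in a capture like the one above, so those are the candidates for replacing with SSH or HTTPS back ends.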