Web VPN sessions are now an integral part of secured communications. Unlike Web VPN, SSL makes use of digital certificates to authenticate, which is generally server-side authentication. By default, the concentrator creates a self-signed SSL server certificate when it boots up. Another option is to install a third-party SSL identity certificate on the concentrator. However, if you choose this option, you will need to install certificates on your web browser clients.
There are five basic areas of setup for Web VPN on VPN 3000 concentrators: HTTPS access, system-wide Web VPN parameters, group Web VPN configuration, SSL VPN Client (SVC), and Cisco Secure Desktop (CSD) for Web VPN access. Start with HTTPS access. One of the first steps is to ensure that both HTTPS access and Web VPN access are allowed to the concentrator. To confirm that HTTPS access is enabled on the concentrator, there are two areas you will need to examine and possibly change: the HTTPS properties and the Web VPN configuration.
First, look at the HTTPS properties. To access them on the concentrator, go to Configuration, then Tunneling, then Security, and then SSL. This page usually offers two options: HTTPS and Protocols. Clicking the HTTPS hyperlink shows three options. Enable HTTPS is a check box that enables or disables HTTPS access; it is enabled by default. HTTPS Port is a text box that lets you change the TCP port number used for HTTPS access; it defaults to 443, and you are free to change it to another number to enhance your security. Client Authentication is also a check box; when checked, it allows the concentrator to verify the client's digital certificate.
If you choose this option, you need to manually install certificates on virtually all of your clients' web browsers as well as on the concentrator. You also need to configure the authorization server using RADIUS or LDAP. Next, in the IPsec tab of the group configuration, set Authentication to "None" and set Authorization Type to "RADIUS" or "LDAP." Keep in mind that the concentrator sends the contents specified by the DN Field parameter in this tab to the authorization server; this is generally the information found in the Common Name (CN) field of the certificate. Rather than using client-side certificates, you can use usernames and passwords for user authentication.
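The DN Field step above means authorization is keyed on one attribute of the certificate subject, usually the CN. As an added example (not part of the original article and not Cisco code), the Python below shows how an authorization back end or audit script that receives a full subject string could extract that one field safely: escaped commas stay inside the value and a repeated field is rejected. The helper names are hypothetical, and it assumes RFC 4514 backslash escapes only.

```python
import re

# Added example: the helper names below are hypothetical, not a Cisco API.
# Scope: RFC 4514 backslash escapes only (no '#' hex values, no quoting).
_ESC = r"\\([0-9A-Fa-f]{2}|.)"            # \HH (one byte) or \X
_ESC_STR = re.compile(_ESC, re.S)
_ESC_BYTES = re.compile(_ESC.encode(), re.S)

def split_unescaped(text, sep):
    """Split on `sep`, skipping occurrences that are backslash-escaped."""
    parts, start, i = [], 0, 0
    while i < len(text):
        esc = _ESC_STR.match(text, i)
        if esc:
            i = esc.end()
        elif text[i] == sep:
            parts.append(text[start:i])
            start = i = i + 1
        else:
            i += 1
    parts.append(text[start:])
    return parts

def unescape(value):
    """Resolve escapes; \\HH pairs are raw UTF-8 bytes of the value."""
    def repl(m):
        return bytes([int(m[1], 16)]) if len(m[1]) == 2 else m[1]
    return _ESC_BYTES.sub(repl, value.encode()).decode("utf-8")

def dn_field(dn, field="CN"):
    """Return the one value of `field`; raise if it is absent or repeated."""
    found = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):    # multi-valued RDN
            name, eq, value = ava.partition("=")
            if eq and name.strip().upper() == field.upper():
                found.append(unescape(value.lstrip()))
    if len(found) != 1:
        raise ValueError(f"expected exactly one {field}, found {len(found)}")
    return found[0]

# Constructed sample subjects, not taken from any real certificate.
SAMPLES = ["CN=alice,OU=Sales,O=Example Corp",
           "CN=Smith\\, Bob,OU=Sales,O=Example Corp"]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(repr(dn_field(subject)))
```

Rejecting a subject with zero or several matching fields keeps the lookup from silently picking whichever value happens to come first.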