Workspot Configuration Guide for the Cisco Adaptive Security Appliance

Similar documents
External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

Accessing the Media General SSL VPN

DIGIPASS Authentication for Cisco ASA 5500 Series

INTEGRATION GUIDE. DIGIPASS Authentication for Cisco ASA 5505

Deploying Cisco ASA VPN Solutions Exam.

Clientless SSL VPN Users

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

Configuring Single Sign-on for WebVPN

Scenario: IPsec Remote-Access VPN Configuration

Cisco ASA Authentication QUICKStart Guide

How To Configure SSL VPN in Cyberoam

ASA 8.x: VPN Access with the AnyConnect VPN Client Using Self Signed Certificate Configuration Example

ESET SECURE AUTHENTICATION. Cisco ASA SSL VPN Integration Guide

Strong Authentication for Cisco ASA 5500 Series

Scenario: Remote-Access VPN Configuration

Configuring SSL VPN on the Cisco ISA500 Security Appliance

Managing Software and Configurations

Connecting an Android to a FortiGate with SSL VPN

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

Cisco ASA 5500-X Series ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

Video Administration Backup and Restore Procedures

Chapter 3 Authenticating Users

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Cisco ASA. Administrators

Configure ISE Version 1.4 Posture with Microsoft WSUS

Integration Guide. SafeNet Authentication Service. Using RADIUS Protocol for Cisco ASA

Setting Up Scan to SMB on TaskALFA series MFP s.

GoldKey and Cisco AnyConnect

Configuration Guide. BES12 Cloud

IIS, FTP Server and Windows

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

Campus VPN. Version 1.0 September 22, 2008

Integrating ConnectWise Service Desk Ticketing with the Cisco OnPlus Portal

Sophos UTM. Remote Access via SSL Configuring Remote Client

NAC Guest. Lab Exercises

Step by step guide to implement SMS authentication to Cisco ASA Clientless SSL VPN and Cisco VPN

DIGIPASS Authentication for Sonicwall Aventail SSL VPN

Managing Identities and Admin Access

App Orchestration 2.0

NAS 323 Using Your NAS as a VPN Server

Implementing Cisco TelePresence Video Solution, Part 1

Configuring Global Protect SSL VPN with a user-defined port

DIGIPASS Authentication for Check Point Connectra

Multi-Factor Authentication Job Aide

Deploying Cisco ASA VPN Solutions

Configuring Color Access on the WorkCentre 7120 Using Microsoft Active Directory Customer Tip

Sophos UTM. Remote Access via IPsec Configuring Remote Client

Deploying Cisco ASA VPN Solutions (VPN v1.0) Version: Demo. Page <<1/7>>

ADFS Integration Guidelines

INTEGRATION GUIDE. DIGIPASS Authentication for F5 FirePass

VPN: Using WebVPN SSL Client This document outlines the process for using the WebVPN SSL with Internet Explorer and Firefox

NSi Mobile Installation Guide. Version 6.2

TechNote. Contents. Introduction. System Requirements. SRA Two-factor Authentication with Quest Defender. Secure Remote Access.

QUANTIFY INSTALLATION GUIDE

ESET SECURE AUTHENTICATION. Cisco ASA Internet Protocol Security (IPSec) VPN Integration Guide

Defender Token Deployment System Quick Start Guide

ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook

WhatsUp Gold v16.2 MSP Edition Deployment Guide This guide provides information about installing and configuring WhatsUp Gold MSP Edition to central

Implementing Core Cisco ASA Security (SASAC)

VPN: Using the WebVPN SSL Client

ecfshome-ts Terminal Server How to Use

Getting Started - Client VPN

NovaBACKUP xsp Version 15.0 Upgrade Guide

F-Secure Messaging Security Gateway. Deployment Guide

Integrating Autotask Service Desk Ticketing with the Cisco OnPlus Portal

For paid computer support call

ecstudent-ts Terminal Server How to Use

Configuring IPsec VPN with a FortiGate and a Cisco ASA

VPN_2: Deploying Cisco ASA VPN Solutions

System Administration Training Guide. S100 Installation and Site Management

Maintaining the Content Server

SonicWALL SRA Virtual Appliance Getting Started Guide

DUO SECURITY CISCO VPN USER GUIDE 1/27/2016

Juniper SSL VPN Authentication QUICKStart Guide

Getting Started with StoreGrid Cloud

Office of Information Technology VPN Client Instructions

Using VPN. DJJ Staff

Copyright 2012 Trend Micro Incorporated. All rights reserved.

RoomWizard Synchronization Software Manual Installation Instructions

Resource Guide INSTALL AND CONNECT TO CISCO ANYCONNECT VPN CLIENT (FOR WINDOWS COMPUTERS)

GlobalSign Enterprise Solutions

Cisco Unified Communications Manager SIP Trunk Configuration Guide

Setting Up and Accessing VPN

DIGIPASS Authentication for SonicWALL SSL-VPN

BlackBerry Enterprise Service 10. Version: Configuration Guide

Configuration Guide BES12. Version 12.2

VERALAB LDAP Configuration Guide

How do I set up a branch office VPN tunnel with the Management Server?

Active Directory integration with CloudByte ElastiStor

Verify LDAP over SSL/TLS (LDAPS) and CA Certificate Using Ldp.exe

ASA 8.x: Renew and Install the SSL Certificate with ASDM

Polycom CMA System Upgrade Guide

Sophos Mobile Control Super administrator guide. Product version: 3

App Orchestration 2.5

MadCap Software. Upgrading Guide. Pulse

Transcription:

Workspot Configuration Guide for the Cisco Adaptive Security Appliance Workspot, Inc. 1/27/2015

Cisco ASA and Workspot Overview The Cisco Adaptive Security Appliance (ASA) provides organizations with secure, high performance connectivity and protects critical assets for maximum productivity. Once the Cisco ASA is installed, Workspot can be quickly and easily implemented as no additional on-premise hardware or software required. The Workspot Client connects to the Cisco ASA using the Clientless SSL VPN feature. For more information on the Cisco ASA, go to: http://www.cisco.com/c/en/us/products/security/asa-5500-series-next-generationfirewalls/index.html The Workspot Client runs on mobile devices; Workspot Control, a corresponding cloudbased administration console is used to manage configuration and policies for the environment. For more information on Workspot, go to: http://www.workspot.com Products and Versions Tested The information and screens in this guide are based on the following: Cisco Adaptive Security Appliance 5510 Cisco Adaptive Security Appliance Software Version 9.2 Cisco Adaptive Security Device Manager Version 6.2(5) Prerequisites and Configuration Notes The following are general prerequisites for this guide: The Cisco ASA must be running version 8.0 or later, and should be installed and configured for network connectivity and basic operations, including an AAA Server Group with an authentication server such as Microsoft Active Directory (AD). AnyConnect Apex Licenses o One Apex license for each Workspot user. Apex licenses are based on the number of users regardless of how often they connect or how many devices they use. Contact Cisco or your reseller for more information on Apex license requirements. o If the ASA currently has AnyConnect Plus licenses, Cisco provides trial Apex licenses for one month with the ability to renew for an additional month. See the Cisco Self-Service Trial licenses section for more information. o When using older Cisco ASA models (prior to Apex licensing), AnyConnect Premium licenses are required. All ASA models include two Premium licenses (supporting two concurrent users) that can be used for testing if the ASA is not configured for Cisco Essentials. pg. 1 of 16

Cisco ASDM administrator access to the ASA. DNS names or IP addresses for internal web apps, CIFS file shares and Remote Desktop Services (RDS) servers. Configuring the Cisco ASA for Workspot includes: Creating a new Connection Profile Creating a new AAA Server Group (optional) Creating a new Group Policy enabling Clientless SSL VPN Configuring Group URL Testing the configuration through a web browser Cisco ASA Configuration for Workspot These steps outline the basic configuration of a Cisco ASA to support Workspot. Sign into the Cisco ASDM utility and configure a Clientless SSL VPN Connection profile as follows. 1. Create a new Connection Profile. Go to Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection Profiles then click Add. pg. 2 of 16

2. Enter a Name, then select an existing AAA Server Group, enter the DNS parameters as necessary for the network environment, then configure a new Group Policy - under Default Group Policy, click Manage. Note: If an existing AAA Server Group uses an LDAP server configured with an LDAP Attribute Map, then a new AAA Server Group with a LDAP server without the attribute map is required. See the Troubleshooting section for more information. pg. 3 of 16

3. Then click Add to add a new Group Policy. 4. Enter a Name, click More Options, then uncheck the Tunnel Protocols: Inherit and check Clientless SSL VPN to enable the webvpn tunnel protocol. pg. 4 of 16

5. File access is typically enabled by default, click OK to save the Internal Group Policy and proceed to the next step. If file access is not enabled, select Portal, then uncheck all File Access Control settings under Inherit and check Enable settings, then click OK to save. pg. 5 of 16

6. Click OK on the Configure Group Policy dialog to save the policy. 7. On the Connection Profile dialog, click the [+] on Advanced then Clientless SSL VPN. Click Add under Group URL then enter the custom URL. (This URL will be used in Workspot Control VPN configuration.) Then click OK to save the Group URL and then OK again to save the Connection Profile. This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 2.1 pg. 6 of 16

8. Click Apply to apply the changes to the running Cisco ASA configuration. pg. 7 of 16

Testing the Configuration To test the configuration, use any standard browser and go to the URL associated with the Cisco ASA, e.g. https://vpn.mycompany.com/mobile. Enter your Username and Password then click Login. pg. 8 of 16

After a successful login, the Cisco Clientless Portal home page is shown as follows. See Troubleshooting if the Portal page is not shown. If the cifs:// option appears in the Address dropdown, then file access has been enabled. If cifs:// is not available, go back to make the changes outlined in step 5 to enable file access. Note that Web and File browsing and bookmarks are for testing purposes and are not required for Workspot. The Cisco ASA is now properly configured for Clientless SSL VPN. pg. 9 of 16

Configure the Cisco VPN in Workspot Control The custom URL as configured in the Cisco ASA should be entered into the Workspot Control VPN configuration by adding a new network. pg. 10 of 16

Troubleshooting If Cisco AnyConnect client download page (as show below) appears instead of the Cisco Clientless Portal, this may indicate that the LDAP Attribute Map is configured. Verify that Cisco Apex (shown as Premium) licenses are enabled. Enter the show run command on the Cisco ASA and check the configuration for the no anyconnectessentials command in the webvpn section. Cisco ASA Configuration webvpn enable backup enable outside no anyconnect-essentials If the no anyconnect-essentials is present; then a LDAP Attribute Map is configured in the authentication server in server group used for the Workspot Connection Profile. Create a new AAA Server Group with the same authentication settings and specify the pg. 11 of 16

LDAP Attribute Map to be None--. Cisco Self-Service Trial licenses Cisco provides one month trial licenses for all premium features. These licenses will have max simultaneous premium, mobile, phone and advanced endpoint assessment enabled. These licenses can be renewed once. Follow the same steps below for extending the trial for another month. These are time-based licenses so applying a new license will overwrite the original. pg. 12 of 16

Note: These licenses cannot be used for the Cisco ASAv (virtual appliance). Open browser and navigate to http://www.cisco.com/go/license. Log into your Cisco account. Continue to the next page by clicking on Continue to Product License Registration. pg. 13 of 16

On the main Product License Registration; select Get Other Licenses to bring the dropdown menu then select Demo and Evaluation. Get Demo and Evaluation Licenses screen will appear, step 1. Select Security Products as Product Family then select AnyConnect Plus/Apex (ASA) Demo License as Product. Click Next to continue. pg. 14 of 16

For step 2, enter the Serial Number from the output from show version and enter any amount for How many users do you intend to support in your environment? field (this WILL NOT affect the license count). Click Next. For step 3, confirm Send To email and Serial Number. Click Submit. pg. 15 of 16

You should receive an email with an activation key. Follow the steps to apply: 1. Start Cisco ASA command line 2. Activate the license key with: > activation-key xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx xxxxxxxx 3. Enable premium functionality with: > webvpn > no anyconnect-essentials pg. 16 of 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information