天亮了说晚安's Blog

本文转自：https://www.cisco.com/c/zh_cn/support/docs/wireless/mobility-express-aironet-access-points/215410-convert-capwap-1852-access-point-ap-to.html 目录 简介先决条件要求使用的组件配置步骤1.下载移动性快速软件AIR-AP1850-K9-ME-8-10-112-0.zip并且解压缩文件。步骤2.确保1852有网络协议(IP)地址。第 3 步：在转换AP不提及什么关于移动性高速公路前。步骤4.运行命令和使用ap1g4作为文件名。第 5 步：在AP重启以后的少量分钟， Cisco向导配置工具将启动。步骤6.如镜像所显示10.10.1.232分配作为移动性Express的管理IP地址和用于访问图形用户界面(GUI)。验证故障排除 简介 本文描述如何转换一轻量级接入点(LWAP) 1852对移动性Express (ME)。 先决条件 要求 Cisco 建议您了解以下主题： 对AP的CLI访问使用控制台电缆。简单文件传输协议(TFTP)服务器。 使用的组件 1852I APTFTP 服务器 本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。 配置 网络图 步骤1.下载移动性快速软件AIR-AP1850-......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-troubleshooting.html Chapter: Clientless SSL VPN Troubleshooting Chapter Contents Recover from Hosts File Errors When Using Application AccessWebVPN Conditional DebuggingCapture DataProtect Clientless SSL VPN Session Cookies Recover from Hosts File Errors When Using Application Access To prevent hosts file errors that can interfere with Application Access, close the Application Access window properly when you finish using Application Access. To do so, click the close icon. When Application Access terminates abnormally, the hosts file remains in a Clientless SSL VPN-customized state. Clientless SSL VPN checks the state the next time you start Application Access by searching for a hosts.webvpn file. If it finds one, a Backup HOSTS File Found error message appears, and Application Access is temporarily switched off. If Application Acces......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-customizing.html Chapter: Customizing Clientless SSL VPN Chapter Contents Clientless SSL VPN End User SetupCustomize Bookmark Help Clientless SSL VPN End User Setup This section is for the system administrator who sets up Clientless SSL VPN for end users. It describes how to customize the end-user interface and summarizes configuration requirements and tasks for a remote system. It specifies information to communicate to users to get them started using Clientless SSL VPN. Define the End User InterfaceCustomize Clientless SSL VPN PagesInformation About CustomizationExport a Customization TemplateEdit the Customization TemplateImport a Customization ObjectApply Customizations to Connection Profiles, Group Policies, and UsersLogin Screen Advanced CustomizationModify Your HTML File Define the End User Interface The Clientless SSL VPN end user interface c......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-mobile-devices.html Chapter: Clientless SSL VPN with Mobile Devices Chapter Contents Use Clientless SSL VPN with Mobile Devices Use Clientless SSL VPN with Mobile Devices You can access Clientless SSL VPN from your Pocket PC or other certified mobile device. Neither the ASA administrator nor the Clientless SSL VPN user need do anything special to use Clientless SSL VPN with a certified mobile device. Cisco has certified the following mobile device platforms: HP iPaq H4150Pocket PC 2003Windows CE 4.20.0, build 14053Pocket Internet Explorer (PIE)ROM version 1.10.03ENGROM Date: 7/16/2004 Some differences in the mobile device version of Clientless SSL VPN exist: A banner Web page replaces the popup Clientless SSL VPN window.An icon bar replaces the standard Clientless SSL VPN floating toolbar. This bar displays the Go, Home and Logout buttons.The Show......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-users.html Chapter: Clientless SSL VPN Users Chapter Contents Manage PasswordsUse Single Sign-On with Clientless SSL VPNUsername and Password RequirementsCommunicate Security TipsConfigure Remote Systems to Use Clientless SSL VPN Features Manage Passwords Optionally, you can configure the ASA to warn end users when their passwords are about to expire. The ASA supports password management for the RADIUS and LDAP protocols. It supports the “password-expire-in-days” option for LDAP only. You can configure password management for IPsec remote access and SSL VPN tunnel-groups. When you configure password management, the ASA notifies the remote user at login that the user’s current password is about to expire or has expired. The ASA then offers the user the opportunity to change the password. If the current password has not yet expired, the us......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-remote-user-guide.html Chapter: Clientless SSL VPN Remote Users Chapter Contents This chapter summarizes configuration requirements and tasks for the user remote system. It also helps users get started with Clientless SSL VPN. It includes the following sections: NoteMake sure that the ASA has been configured for Clientless SSL VPN. Clientless SSL VPN Remote UsersUsernames and PasswordsCommunicate Security TipsConfigure Remote Systems to Use Clientless SSL VPN FeaturesCapture Clientless SSL VPN Data Clientless SSL VPN Remote Users This chapter summarizes configuration requirements and tasks for the user remote system. It also helps users get started with Clientless SSL VPN. It includes the following sections: NoteMake sure that the ASA has been configured for Clientless SSL VPN. Usernames and Passwords Depending on your network, during a remote ......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-policy-groups.html Chapter: Policy Groups Chapter Contents Create and Apply Clientless SSL VPN Policies for Accessing ResourcesConnection Profile Attributes for Clientless SSL VPNGroup Policy and User Attributes for Clientless SSL VPNSmart Tunnel AccessClientless SSL VPN Capture ToolConfigure Portal Access RulesOptimize Clientless SSL VPN Performance Create and Apply Clientless SSL VPN Policies for Accessing Resources Creating and applying policies for Clientless SSL VPN that govern access to resources at an internal server requires you to assign group policies. Assigning users to group policies simplifies the configuration by letting you apply policies to many users. You can use an internal authentication server on the ASA or an external RADIUS or LDAP server to assign users to group policies. See Chapter 4, “Connection Profiles, Group Policies......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-resources.html Chapter: Advanced Clientless SSL VPN Configuration Chapter Contents Microsoft Kerberos Constrained Delegation SolutionConfigure Application Profile Customization FrameworkEncodingUse Email over Clientless SSL VPN Microsoft Kerberos Constrained Delegation Solution Many organizations want to authenticate their Clientless VPN users and extend their authentication credentials seamlessly to web-based resources using authentication methods beyond what the ASA SSO feature can offer today. With the growing demand to authenticate remote access users with smart cards and One-time Passwords (OTPs), the SSO feature falls short in meeting that demand, because it forwards only conventional user credentials, such as static username and password, to clientless web-based resources when authentication is required. For example, neither certificate- n......Read More

本文转自：https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/webvpn-configure-gateway.html Chapter: Basic Clientless SSL VPN Configuration Chapter Contents Rewrite Each URLSwitch Off URL Entry on the Portal PageTrusted Certificate PoolsConfigure Browser Access to Plug-insConfigure Port ForwardingConfigure File AccessEnsure Clock Accuracy for SharePoint AccessVirtual Desktop Infrastructure (VDI)Use SSL to Access Internal ServersConfigure Browser Access to Client-Server Plug-ins Rewrite Each URL By default, the ASA allows all portal traffic to all Web resources (for example HTTPS, CIFS, RDP, and plug-ins). Clientless SSL VPN rewrites each URL to one that is meaningful only to the ASA. The user cannot use this URL to confirm that they are connected to the website they requested. To avoid placing users at risk from phishing websites, assign a Web ACL to the policies configured for clientless access—group policies, dynamic access......Read More