Cisco Systems ASA5515K9 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Using SSL to Access the Central Site
The ASA clientless SSL VPN configuration supports only one http-proxy and one https-proxy
command each. For example, if one instance of the http-proxy command is already present in the
running configuration and you enter another, the CLI overwrites the previous instance.
Note: Proxy NTLM authentication is not supported in http-proxy. Only proxy without authentication and
basic authentication are supported.
Configuring SSL/TLS Encryption Protocols
Prerequisites
TCP Port Forwarding requires Sun Microsystems Java Runtime Environment (JRE) version 1.4.x and
1.5.x. Port forwarding does not work when a user of clientless SSL VPN connects with some SSL
versions, as follows:
Negotiate SSLv3—Java downloads
Negotiate SSLv3/TLSv1—Java downloads
Negotiate TLSv1—Java does NOT download
TLSv1 Only—Java does NOT download
SSLv3 Only—Java does NOT download
Restrictions
When you set SSL/TLS encryption protocols, be aware of the following:
Make sure that the ASA and the browser you use allow the same SSL/TLS encryption protocols.
If you configure e-mail proxy, do not set the ASA SSL version to TLSv1 Only. Microsoft Outlook
and Microsoft Outlook Express do not support TLS.
Prerequisites
Browser cookies are required for the proper operation of clientless SSL VPN.
Step 16
Command (example):
hostname(config-webvpn)# http-proxy 209.165.201.1 user jsmith password mysecretdonttell
hostname(config-webvpn)#
Purpose:
Shows how to configure use of an HTTP proxy server with an IP address of 209.165.201.1 using the
default port, sending a username and password with each HTTP request.

Step 17
Command (example):
hostname(config-webvpn)# http-proxy 209.165.201.1 exclude www.example.com username jsmith password mysecretdonttell
hostname(config-webvpn)#
Purpose:
Shows the same command, except when the ASA receives the specific URL www.example.com in an
HTTP request, it resolves the request instead of passing it on to the proxy server.

Step 18
Command (example):
hostname(config-webvpn)# http-proxy pac http://www.example.com/pac
hostname(config-webvpn)#
Purpose:
Shows how to specify a URL to serve a proxy autoconfiguration file to the browser.
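
The following Python script is an added example, not part of the Cisco guide. It audits a saved configuration or change script for the http-proxy forms shown in Steps 16 to 18 and reports lines that overwrite an earlier instance, carry basic-authentication credentials, or name a PAC file fetched over plain HTTP (a check added by this example). The sample text is constructed from the page's example commands; the function names and finding labels are assumptions of this example.

```python
# Constructed sample: the page's three example commands in one change script.
SAMPLE = """\
webvpn
 http-proxy 209.165.201.1 user jsmith password mysecretdonttell
 http-proxy 209.165.201.1 exclude www.example.com username jsmith password mysecretdonttell
 http-proxy pac http://www.example.com/pac
"""

KEYWORDS = ("exclude", "user", "username", "password")

def parse_proxy(line):
    """Parse an http-proxy/https-proxy line (forms from Steps 16-18 only)."""
    tok = line.split()
    if len(tok) < 2 or tok[0] not in ("http-proxy", "https-proxy"):
        return None
    entry = {"cmd": tok[0], "host": None, "pac": None, "exclude": None,
             "user": None, "has_password": False}
    if tok[1] == "pac":
        entry["pac"] = tok[2] if len(tok) > 2 else None
        return entry
    entry["host"], i = tok[1], 2
    while i + 1 < len(tok):
        key, val = tok[i], tok[i + 1]
        if key == "exclude":
            entry["exclude"] = val
        elif key in ("user", "username"):
            entry["user"] = val
        elif key == "password":
            entry["has_password"] = True  # the secret itself is never kept
        i += 2 if key in KEYWORDS else 1  # non-keyword token: step by one
    return entry

def audit(config_text):
    """Return (findings, effective); effective maps command -> last entry."""
    findings, last = [], {}
    for n, raw in enumerate(config_text.splitlines(), 1):
        e = parse_proxy(raw)
        if e is None:
            continue
        if e["cmd"] in last:  # the CLI keeps only the newest instance
            findings.append((n, "overwrites", last[e["cmd"]][0]))
        last[e["cmd"]] = (n, e)
        if e["has_password"]:  # credentials go out with each HTTP request
            findings.append((n, "basic-auth", e["user"]))
        if e["pac"] and e["pac"].lower().startswith("http://"):
            findings.append((n, "pac-cleartext", e["pac"]))
    return findings, {cmd: e for cmd, (_, e) in last.items()}

if __name__ == "__main__":
    for line_no, kind, detail in audit(SAMPLE)[0]:
        print(f"line {line_no}: {kind}: {detail}")
```

On the sample, only the PAC form from line 4 remains effective, because each later http-proxy line replaces the one before it.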