74-35
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
• Populates the drop-down menu next to the URL attributes in ASDM.
• Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an
option to the drop-down menu next to the Address field of the portal page.
Table 74-4 shows the changes to the main menu and address field of the portal page when you add the
plug-ins described in the following sections.
When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the
portal page displays a window to the interface and displays a help pane. The user can select the protocol
displayed in the drop-down menu and enter the URL in the Address field to establish a connection.
Some Java plug-ins may report a status of connected or online even when a session to the destination
service is not set up. The open-source plug-in reports the status, not the ASA.
The plug-ins support single sign-on (SSO). Refer to the “Configuring SSO with the HTTP Form
Protocol” section on page 74-20 for implementation details.
The minimum access rights required for remote use belong to the guest privilege mode.
Prerequisites
• Clientless SSL VPN must be enabled on the ASA to provide remote access to the plug-ins.
• To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a
link to the server, and specify SSO support when adding the bookmark.
• The minimum access rights required for remote use belong to the guest privilege mode.
• Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be
enabled on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.
Restrictions
• The plug-ins do not work if the security appliance configures the clientless session to use a proxy
server.
Note The remote desktop protocol plug-in does not support load balancing with a session broker.
Because of the way the protocol handles the redirect from the session broker, the connection
fails. If a session broker is not used, the plug-in works.
Table 74-4 Effects of Plug-ins on the Clientless SSL VPN Portal Page
Plug-in Main Menu Option Added to Portal Page Address Field Option Added to Portal Page
ica Citrix Client ica://
rdp Terminal Servers rdp://
rdp2 Terminal Servers Vista rdp2://
ssh,telnet SSH ssh://
Telnet telnet://
vnc VNC Client vnc://