Support User Manuals

Cisco Systems ASA5515K9 Network Router User Manual

Open as PDF

of 1994

74-38

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

Detailed Steps

Follow these steps to provide clientless SSL VPN browser access to a plug-in redistributed by Cisco.

Note The ASA does not retain the import webvpn plug-in protocol command in the configuration. Instead,

it loads the contents of the

csco-config/97/plugin directory automatically. A secondary ASA obtains

the plug-ins from the primary ASA.

Providing Access to Third-Party Plug-ins

The open framework of the security appliance lets you add plug-ins to support third-party Java

client/server applications. The POST plug-in was developed to solve some key single sign-on (SSO) and

homepage requirements for certain applications like Citrix Web Interface. This clientless SSL VPN

plug-in as the following key capabilities:

• The option to display the homepage for a Web application (such as Citrix) in the right frame, as part

of the default clientless portal, or as the only frame in the page (completely hiding anything that is

part of the Cisco portal).

• The option for SSO on the homepage or with an application using WebVPN variables (also known

as macros) (and therefore HTTP-POST parameters).

• The option to preload a page before issuing a POST request. This option becomes necessary when

a logon page for an application sets some cookies.

Command Purpose

Step 1

import webvpn plug-in protocol [ rdp | rdp2 |

ssh,telnet | vnc ]

URL

Example:

hostname# import webvpn plug-in protocol ssh,telnet

tftp://local_tftp_server/plugins/ssh-plugin.jar

Accessing

tftp://local_tftp_server/plugins/ssh-plugin.jar...!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Writing file disk0:/csco_config/97/plugin/ssh...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!

238510 bytes copied in 3.650 secs (79503 bytes/sec)

Installs the plug-in onto the flash device of the ASA.

protocol is one of the following values: ssh,telnet

provides plug-in access to both Secure Shell and

Telnet services.

Note Do not enter this command once for SSH

and once for Telnet. When typing the

ssh,telnet string, do not insert a space.

URL is the remote path to the plug-in .jar file. Enter

the host name or address of the TFTP or FTP server

and the path to the plug-in.

Step 2

(Optional)

revert webvpn plug-in protocol protocol

Example:

hostname# revert webvpn plug-in protocol rdp

Disables and removes clientless SSL VPN support

for a plug-in, as well as removing it from the flash

drive of the ASA.

previous next