71-6
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 71 Clientless SSL VPN End User Set-up
Configuring Remote Systems to Use Clientless SSL VPN Features
Using Applications
(called Port Forwarding
or Application Access)
Note On Macintosh OS X, only the Safari browser supports this feature.
Note Because this feature requires installing Sun Microsystems Java™ Runtime Environment
and configuring the local clients, and because doing so requires administrator permissions
on the local system, it is unlikely that users will be able to use applications when they
connect from public remote systems.
Caution Users should always close the Application Access window when they finish using
applications by clicking the Close icon. Failure to quit the window properly can cause
Application Access or the applications themselves to be disabled.
Client applications installed —
Cookies enabled on browser —
Administrator privileges
User must have administrator access on the PC if
you use DNS names to specify servers because
modifying the hosts file requires it.
Sun Microsystems Java Runtime
Environment (JRE) version 1.4.x and 1.5.x
installed.
Javascript must be enabled on the browser.
By default, it is enabled.
If JRE is not installed, a pop-up window displays,
directing users to a site where it is available.
On rare occasions, the port forwarding applet fails
with JAVA exception errors. If this happens, do
the following:
1. Clear the browser cache and close the browser.
2. Verify that no JAVA icons are in the computer
task bar. Close all instances of JAVA.
3. Establish a Clientless SSL VPN session and
launch the port forwarding JAVA applet.
Client applications configured, if necessary.
Note The Microsoft Outlook client does
not require this configuration step.
All non-Windows client applications require
configuration.
To see if configuration is necessary for a
Windows application, check the value of the
Remote Server.
• If the Remote Server contains the server
hostname, you do not need to configure
the client application.
• If the Remote Server field contains an IP
address, you must configure the client
application.
To configure the client application, use the server’s
locally mapped IP address and port number. To
find this information:
1. Start Clientless SSL VPN on the remote
system and click the Application Access link
on the Clientless SSL VPN Home page. The
Application Access window appears.
2. In the Name column, find the name of the
server you want to use, then identify its
corresponding client IP address and port
number (in the Local column).
3. Use this IP address and port number to
configure the client application. Configuration
steps vary for each client application.
Note Clicking a URL (such as one in an -e-mail message) in an application running over
Clientless SSL VPN does not open the site over Clientless SSL VPN. To open a site over
Clientless SSL VPN, cut and paste the URL into the Enter (URL) Address field.
Table 71-2 Clientless SSL VPN Remote System Configuration and End User Requirements (continued)
Task Remote System or End User Requirements Specifications or Use Suggestions