Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
72-66
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring File Access
Step 6 Click the Application Access link.
The Application Access window appears. Application Access is now enabled.
Configuring File Access
Clientless SSL VPN serves remote users with HTTPS portal pages that interface with proxy CIFS and/or
FTP clients running on the ASA. Using either CIFS or FTP, clientless SSL VPN provides users with
network access to the files on the network, to the extent that the users meet user authentication
requirements and the file properties do not restrict access. The CIFS and FTP clients are transparent; the
portal pages delivered by clientless SSL VPN provide the appearance of direct access to the file systems.
When a user requests a list of files, clientless SSL VPN queries the server designated as the master
browser for the IP address of the server containing the list. The ASA gets the list and delivers it to the
remote user on a portal page.
Clientless SSL VPN lets the user invoke the following CIFS and FTP functions, depending on user
authentication requirements and file properties:
Navigate and list domains and workgroups, servers within a domain or workgroup, shares within a
server, and files within a share or directory
Create directories
Download, upload, rename, move, and delete files
The ASA uses a master browser, WINS server, or DNS server, typically on the same network as the ASA
or reachable from that network, to query the network for a list of servers when the remote user clicks
Browse Networks in the menu of the portal page or on the toolbar displayed during the clientless SSL
VPN session.
The master browser or DNS server provides the CIFS/FTP client on the ASA with a list of the resources
on the network, which clientless SSL VPN serves to the remote user.
Note Before configuring file access, you must configure the shares on the servers for user access.
CIFS File Access Requirement and Limitation
To access \\server\share\subfolder\personal folder, the user must have list permission for all
points above
personal folder.
Clientless SSL VPN does not support the Copy and Paste buttons displayed on the CIFS browser. Users
must click Download to copy files from CIFS directories to the local desktop.
The CIFS browse server feature does not support double-byte character share names (share names
exceeding 13 characters in length). This only affects the list of folders displayed, and does not affect user
access to the folder. As a workaround, you can pre-configure the bookmark(s) for the CIFS folder(s) that
use double-byte share names, or the user can enter the URL or bookmark of the folder in the format
cifs://server/<long-folder-name> . For example:
cifs://server/Do you remember?
cifs://server/Do%20you%20remember%3F