Support User Manuals

Cisco Systems ASA 5525-X Network Router User Manual

Open as PDF

of 2086

72-121

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter 72 Configuring Clientless SSL VPN

Configuring Browser Access to Client-Server Plug-ins

Note A secondary ASA obtains the plug-ins from the primary ASA.

When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the

portal page displays a window to the interface and displays a help pane. The user can select the protocol

displayed in the drop-down menu and enter the URL in the Address field to establish a connection.

Note Some Java plug-ins may report a status of connected or online even when a session to the destination

service is not set up. The open-source plug-in reports the status, not the ASA.

Before installing the first plug-in, you must follow the instructions in the next section.

Prerequisites

• The plug-ins do not work if the security appliance configures the clientless session to use a proxy

server.

Note The remote desktop protocol plug-in does not support load balancing with a session broker.

Because of the way the protocol handles the redirect from the session broker, the connection

fails. If a session broker is not used, the plug-in works.

• The plug-ins support single sign-on (SSO). They use the same credentials entered to open the

clientless SSL VPN session. Because the plug-ins do not support macro substitution, you do not

have the options to perform SSO on different fields such as the internal domain password or on an

attribute on a RADIUS or LDAP server.

• To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a

link to the server, and specify SSO support when adding the bookmark.

• The minimum access rights required for remote use belong to the guest privilege mode.

Requirements

• Per the GNU General Public License (GPL), Cisco redistributes plug-ins without having made any

changes to them. Per the GPL, Cisco cannot directly enhance these plug-ins.

• Clientless SSL VPN must be enabled on the ASA to provide remote access to the plug-ins.

Table 72-12 Effects of Plug-ins on the Clientless SSL VPN Portal Page

Plug-in Main Menu Option Added to Portal Page Address Field Option Added to Portal Page

ica Citrix Client citrix://

rdp Terminal Servers rdp://

rdp2 Terminal Servers Vista rdp2://

ssh,telnet SSH ssh://

Telnet telnet://

vnc VNC Client vnc://

previous next