Cisco Systems ASA 5525-X Network Router User Manual


  Open as PDF
of 2086
 
72-122
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring Browser Access to Client-Server Plug-ins
A stateful failover does not retain sessions established using plug-ins. Users must reconnect
following a failover.
Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be
enabled on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.
RDP Plug-in ActiveX Debug Quick Reference
To set up and use an RDP plug-in, you must add a new environment variable. For the process of adding
a new environment variable, use the following steps:
Step 1 Right-click My Computer to access the System Properties and choose the Advanced tab.
Step 2 On the Advanced tab, choose the environment variables button.
Step 3 In the new user variable dialog box, enter the RF_DEBUG variable.
Step 4 Verify the new Environment Variable in the user variables section.
Step 5 If you used the client computer with versions of WebVPN before version 8.3, you must remove the old
Cisco Portforwarder Control. Go to the C:/WINDOWS/Downloaded Program Files directory, right-click
portforwarder control, and choose Remove.
Step 6 Clear all of the Internet Explorer browser cache.
Step 7 Launch your WebVPN session and establish an RDP session with the RDP ActiveX Plug-in.
You can now observe events in the Windows Application Event viewer.
Preparing the Security Appliance for a Plug-in
Before installing a plug-in, prepare the ASA by performing the following steps:
Step 1 Make sure clientless SSL VPN (“webvpn”) is enabled on an ASA interface.
Step 2 Install an SSL certificate onto the ASA interface to which remote users use a fully-qualified domain
name (FQDN) to connect.
Note Do not specify an IP address as the common name (CN) for the SSL certificate. The remote user
attempts to use the FQDN to communicate with the ASA. The remote PC must be able to use
DNS or an entry in the System32\drivers\etc\hosts file to resolve the FQDN.
Customizing Help
The ASA displays help content on the application panels during clientless SSL VPN sessions. You can
customize the help files provided by Cisco or create help files in other languages. You then import them
to flash memory for display during subsequent clientless sessions. You can also retrieve previously
imported help content files, modify them, and reimport them to flash memory.