Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
72-62
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Application Access User Notes
Step 2 Using your Cisco.com login, download the file cisco_vpn_auth.jar from
http://www.cisco.com/cisco/software/navigator.html and copy it to the default library directory for the
SiteMinder server. This .jar file is also available on the Cisco ASA CD.
Adding or Editing SSO Servers
This SSO method uses CA SiteMinder and SAML Browser Post Profile. You can also set up SSO using
the HTTP Form protocol, or Basic HTML and NTLM authentication. To use the HTTP Form protocol,
see Configuring Session Settings. To set use basic HTML or NTLM authentication, use the auto-signon
command at the command line interface.
Detailed Steps
Step 1 If adding a server, enter the name of the new SSO server. If editing a server, this field is display only; it
displays the name of the selected SSO server.
Step 2 Display only. Displays the type of SSO server. The types currently supported by the ASA are SiteMinder
and SAML Browser Post Profile.
Step 3 Enter a secret key used to encrypt authentication requests to the SSO server. Key characters can be any
regular or shifted alphanumeric characters. There is no minimum or maximum number of characters. The
secret key is similar to a password: you create it, save it, and configure it. It is configured on the ASA,
the SSO server, and the SiteMinder Policy Server using the Cisco Java plug-in authentication scheme.
Step 4 Enter the number of times the ASA retries a failed SSO authentication attempt before the authentication
times-out. The range is from 1 to 5 retries inclusive, and the default is 3 retries.
Step 5 Enter the number of seconds before a failed SSO authentication attempt times out. The range is from1
to 30 seconds inclusive, and the default is 5 seconds.
Application Access User Notes
The following sections provide information about using application access:
Using Application Access on Vista
Closing Application Access to Prevent hosts File Errors
Recovering from hosts File Errors When Using Application Access
Using Application Access on Vista
Users of Microsoft Windows Vista who use smart tunnels or port forwarding must add the URL of the
ASA to the Trusted Site zone. To access the Trusted Site zone, they must start Internet Explorer and
choose the Tools > Internet Options > Security tab. Vista users can also disable Protected Mode to
facilitate smart tunnel access; however, we recommend against this method because it increases the
computer’s vulnerability to attack.