Cisco Systems ASA 5555-X Network Router User Manual


  Open as PDF
of 2086
 
72-42
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring Application Access
Step 1 Navigate to Configuration > Remote Access VPN > Clientless VPN Access > Portal > Bookmarks
on the ASDM GUI.
Step 2 In Bookmark List, enter the URL to reference for the service location.
Configuring Application Access
The following sections describe how to enable smart tunnel access and port forwarding on clientless SSL
VPN sessions, specify the applications to be provided with such access, and provide notes on using it:
Configuring Smart Tunnel Access
Logging Off Smart Tunnel
Configuring Smart Tunnel Access
A smart tunnel list identifies one or more applications eligible for smart tunnel access and the endpoint
operating system associated with the list. Because each group policy or local user policy supports one
smart tunnel list, you must group the nonbrowser-based applications to be supported into a smart tunnel
list. Without writing a script or uploading anything, an administrator can specify which homepage in the
group policy to connect with via smart tunnel (with the homepage use-smart-tunnel CLI command or on
the GUI). Following the configuration of a list, you can assign it to one or more group policies or local
user policies. If the administrator has it configured as such, you can browse the internet directly while
accessing company internal resources via smart tunnel.
The following sections describe smart tunnels and how to configure them:
About Smart Tunnels
Why Smart Tunnels?
Configuring a Smart Tunnel (Lotus example)
Simplifying Configuration of Which Applications to Tunnel
Assigning a Smart Tunnel List
Specifying Servers for Smart Tunnel Auto Sign-on
Adding or Editing a Smart Tunnel Auto Sign-on Server Entry
Enabling and Disabling Smart Tunnel Access
About Smart Tunnels
A smart tunnel is a connection between a TCP-based application and a private site, using a clientless
(browser-based) SSL VPN session with the security appliance as the pathway, and the ASA as a proxy
server. You can identify applications to which you want to grant smart tunnel access, and specify the
local path to each application. For applications running on Microsoft Windows, you can also require a
match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access.
Lotus SameTime and Microsoft Outlook are examples of applications to which you might want to grant
smart tunnel access.