Cisco Systems ASA 5585-X Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring Port Forwarding
Adding Applications to Be Eligible for Port Forwarding
The clientless SSL VPN configuration of each ASA supports port forwarding lists, each of which
specifies local and remote ports used by the applications for which you want to provide access. Because
each group policy or username supports only one port forwarding list, you must group each set of
applications to be supported into a list. To display the port forwarding list entries already present in the
ASA configuration, enter the following commands:
Following the configuration of a port forwarding list, assign the list to group policies or usernames, as
described in the next section.
Adding/Editing Port Forwarding Entry
The Add/Edit Port Forwarding Entry dialog boxes let you specify TCP applications to associate with
users or group policies for access over clientless SSL VPN connections. Assign values to the attributes
in these windows as follows:
Prerequisites
The DNS name assigned to the Remote Server parameter must match the Domain Name and Server
Group parameters to establish the tunnel and resolve to an IP address, per the instructions in the
“Assigning a Port Forwarding List” section on page 72-57. The default setting for both the Domain and
Server Group parameters is DefaultDNS.
Detailed Steps
Step 1 Click Add.
Step 2 Type a TCP port number for the application to use. You can use a local port number only once for a
listname. To avoid conflicts with local TCP services, use port numbers in the range 1024 to 65535.
Step 3 Enter either the domain name or IP address of the remote server. We recommend using a domain name
so that you do not have to configure the client applications for the specific IP address.
Step 4 Type the well-known port number for the application.
Step 5 Type a description of the application. The maximum is 64 characters.
Step 6 (Optional) Highlight a port forwarding list and click Assign to assign the selected list to one or more
group policies, dynamic access policies, or user policies.
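The following Python pre-check is an added example, not part of the Cisco guide: it validates a planned batch of port forwarding entries against the constraints stated in Steps 2 to 5 before they are typed into the dialog. The `Entry` field names, list names, and host names are hypothetical, and the sample data is constructed.

```python
import ipaddress
from collections import namedtuple

# Hypothetical field names mirroring the values entered in Steps 2 to 5.
Entry = namedtuple("Entry", "list_name local_port remote_server remote_port description")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_entries(entries):
    """Return (entry index, severity, message) tuples for a planned batch."""
    findings, seen = [], {}
    for i, e in enumerate(entries):
        key = (e.list_name, e.local_port)
        if key in seen:  # Step 2: a local port can be used only once per list name
            findings.append((i, "error", f"local port {e.local_port} already used "
                             f"in {e.list_name} by entry {seen[key]}"))
        else:
            seen[key] = i
        if not 1 <= e.local_port <= 65535:
            findings.append((i, "error", "local port is not a valid TCP port"))
        elif e.local_port < 1024:  # Step 2: avoid conflicts with local TCP services
            findings.append((i, "warning", "local port below 1024 may conflict with local services"))
        if not 1 <= e.remote_port <= 65535:
            findings.append((i, "error", "remote port is not a valid TCP port"))
        if len(e.description) > 64:  # Step 5: description maximum
            findings.append((i, "error", "description exceeds 64 characters"))
        if is_ip_literal(e.remote_server):  # Step 3 recommends a domain name
            findings.append((i, "warning", "remote server is an IP literal; a domain name is recommended"))
    return findings

# Constructed sample data, not taken from any real configuration.
SAMPLE = [
    Entry("EngApps", 20143, "imap.example.com", 143, "Mail (IMAP)"),
    Entry("EngApps", 20143, "ssh.example.com", 22, "SSH jump host"),   # duplicate local port
    Entry("EngApps", 80, "192.0.2.10", 80, "Intranet"),                # low port, IP literal
    Entry("OpsApps", 20143, "imap.example.com", 143, "x" * 65),        # description too long
]

if __name__ == "__main__":
    for idx, sev, msg in check_entries(SAMPLE):
        print(f"entry {idx}: {sev}: {msg}")
```

The same local port in two different lists (entries 0 and 3) is not flagged, because the uniqueness rule in Step 2 applies per list name.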
Assigning a Port Forwarding List
You can add or edit a named list of TCP applications to associate with users or group policies for access
over clientless SSL VPN connections. For each group policy and username, you can configure clientless
SSL VPN to do one of the following:
Start port forwarding access automatically upon user login.
Enable port forwarding access upon user login, but require the user to start it manually, using the
Application Access > Start Applications button on the clientless SSL VPN Portal Page.