Cisco Systems OL-16647-01 Network Router User Manual


38-29
Cisco ASDM User Guide
OL-16647-01
Chapter 38 Clientless SSL VPN
Bypass Interface Access List
Flash File System Path—Identifies the filename of the file in the flash memory of the security
appliance that you want to identify as a client profile.
Browse Flash—Displays the Browse Flash Dialog window where you can view all the files on flash
memory of the security appliance and where you can select a file to identify as a client profile.
Upload File—Initiates the file upload.
Modes
The following table shows the modes in which this feature is available:
Bypass Interface Access List
You can require an access rule to apply to the local IP addresses by unchecking this option. The
access rule applies to the local IP address, and not to the original client IP address used before the
VPN packet was decrypted.
Enable inbound IPSec sessions to bypass interface access-lists. Group policy and per-user
authorization access lists still apply to the traffic—By default, the security appliance allows VPN
traffic to terminate on a security appliance interface; you do not need to allow IKE or ESP (or other
types of VPN packets) in an access rule. When this option is checked, you also do not need an access
rule for local IP addresses of decrypted VPN packets. Because the VPN tunnel was terminated
successfully using VPN security mechanisms, this feature simplifies configuration and maximizes
the security appliance performance without any security risks. (Group policy and per-user
authorization access lists still apply to the traffic.)
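The two states of this option, shown as an added CLI configuration fragment that is not taken from this guide. It assumes the check box corresponds to the `sysopt connection permit-vpn` command in the security appliance CLI (a mapping this page does not state); the ACL names, group policy name, address pool, and server address are constructed for illustration.

```text
! Constructed example: names and addresses are assumptions, not from the guide.
! VPN address pool (the "local IP addresses" of decrypted packets): 10.10.50.0/24
! Internal server that VPN users may reach: 192.168.1.10

! --- Option checked (default): decrypted VPN traffic bypasses the interface ACL ---
sysopt connection permit-vpn

! Restriction is then applied per group policy, which still applies to the traffic.
access-list SALES_VPN_FILTER extended permit tcp 10.10.50.0 255.255.255.0 host 192.168.1.10 eq 443
access-list SALES_VPN_FILTER extended deny ip any any
group-policy SALES_GP internal
group-policy SALES_GP attributes
 vpn-filter value SALES_VPN_FILTER

! --- Option unchecked: decrypted VPN traffic must pass the interface access rule ---
no sysopt connection permit-vpn

! The rule matches the local (pool) address of the decrypted packet,
! not the original client IP address seen before decryption.
access-list OUTSIDE_IN extended permit tcp 10.10.50.0 255.255.255.0 host 192.168.1.10 eq 443
access-group OUTSIDE_IN in interface outside

! Check which state is active (the default is only listed with "all"):
show running-config all sysopt
```

With the option checked and no group policy or per-user access list defined, nothing on the appliance restricts which internal destinations a VPN user can reach, so review the group policy filters whenever the bypass is left enabled.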
SSO Servers
The SSO Server window lets you configure or delete single sign-on (SSO) for users of Clientless SSL
VPN connecting to a Computer Associates SiteMinder SSO server or to a Security Assertion Markup
Language (SAML), Version 1.1, Browser Post Profile SSO server. SSO support, available only for
Clientless SSL VPN, lets users access different secure services on different servers without entering a
username and password more than once.
You can choose from four methods when configuring SSO: Auto Signon using basic HTTP and/or
NTLMv1 authentication, HTTP Form protocol, Computer Associates eTrust SiteMinder (formerly
Netegrity SiteMinder), or SAML, Version 1.1 Browser Post Profile.
Note: The SAML Browser Artifact profile method of exchanging assertions is not supported.
This section describes the procedures for setting up SSO with both SiteMinder and SAML Browser Post
Profile.
To configure SSO with basic HTTP or NTLM authentication, see Auto Signon.
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——