Cisco Systems OL-16647-01 Network Router User Manual


38-34
Cisco ASDM User Guide
OL-16647-01
Chapter 38 Clientless SSL VPN
Configuring Smart Tunnel Access
Modes
The following table shows the modes in which this feature is available:
For More Information
Clientless SSL VPN End User Set-up
Configuring Smart Tunnel Access
The Smart Tunnels table displays the smart tunnel lists, each of which identifies one or more applications
eligible for smart tunnel access, and its associated OS. Because each group policy or local user policy
supports one smart tunnel list, you must group the nonbrowser-based applications to be supported into
a smart tunnel list. Following the configuration of a list, you can assign it to one or more group policies
or local user policies.
The Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Smart Tunnels
window lets you do the following:
• To add a smart tunnel list and add applications to the list, click Add. The Add Smart Tunnel List
  dialog box opens. After you name the list, click Add again. ASDM opens the Add Smart Tunnel
  Entry dialog box, which lets you assign the attributes of a smart tunnel to the list. After doing so and
  clicking OK, ASDM displays those attributes in the list. Repeat as needed to complete the list, then
  click OK in the Add Smart Tunnel List dialog box.
• To change a smart tunnel list, double-click the list or choose the list in the table and click Edit. Then
  click Add to insert a new set of smart tunnel attributes into the list, or choose an entry in the list and
  click Edit or Delete.
• To remove a list, choose the list in the table and click Delete.
Following the configuration and assignment of a smart tunnel list, you can make a smart tunnel easy to
use by adding a bookmark for the service and clicking the Enable Smart Tunnel Option in the Add or
Edit Bookmark dialog box.
About Smart Tunnels
A smart tunnel is a connection between a TCP-based application and a private site, using a clientless
(browser-based) SSL VPN session with the security appliance as the pathway, and the security appliance
as a proxy server. You can identify applications to which you want to grant smart tunnel access, and
specify the local path to each application. For applications running on Microsoft Windows, you can also
require a match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access.
Lotus SameTime and Microsoft Outlook Express are examples of applications to which you might want
to grant smart tunnel access.
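The hash condition described above can be checked on an endpoint before a list is rolled out. The following is an added example, not part of the Cisco guide or ASDM. It assumes the configured value is the hexadecimal SHA-1 of the application's executable file, and the entry names and files are constructed stand-ins.

```python
import hashlib
import os
import tempfile

def sha1_of_file(path, chunk_size=65536):
    """Return the lowercase hex SHA-1 digest of the file at `path`."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_entries(entries):
    """Map each (name, path, expected_sha1) entry to a status: "match",
    "mismatch" (binary updated or replaced), "missing" (nothing at the path),
    or "unpinned" (no hash configured, so only the path is checked)."""
    results = {}
    for name, path, expected in entries:
        if not os.path.isfile(path):
            results[name] = "missing"
        elif not expected:
            results[name] = "unpinned"
        elif sha1_of_file(path) == expected.strip().lower():
            results[name] = "match"
        else:
            results[name] = "mismatch"
    return results

def demo():
    """Run the audit on constructed stand-in files (not real applications)."""
    workdir = tempfile.mkdtemp()
    good = os.path.join(workdir, "app_a.exe")
    changed = os.path.join(workdir, "app_b.exe")
    for path, data in ((good, b"constructed build 1"), (changed, b"constructed build 2")):
        with open(path, "wb") as fh:
            fh.write(data)
    pinned = hashlib.sha1(b"constructed build 1").hexdigest()
    entries = [
        ("app-a", good, pinned.upper()),   # hash pasted in upper case still matches
        ("app-b", changed, pinned),        # binary differs from the pinned build
        ("app-c", os.path.join(workdir, "absent.exe"), None),
        ("app-d", good, None),             # path-only entry, no hash condition
    ]
    return audit_entries(entries)

if __name__ == "__main__":
    print(demo())
```

A "mismatch" after an application update means the pinned hash in the smart tunnel entry needs to be refreshed, and "unpinned" entries rely on the local path alone.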
Configuring smart tunnels requires one of the following procedures, depending on whether the
application is a client or is a web-enabled application:
Firewall Mode           Security Context
Routed    Transparent   Single    Multiple
                                  Context    System
——