Filter
Top Products
38-36
Cisco ASDM User Guide
OL-16647-01
Chapter 38 Clientless SSL VPN
Configuring Smart Tunnel Access
• When smart tunnel starts, the security appliance tunnels all traffic from the browser process the user
used to initiate the clientless session. If the user starts another instance of the browser process, it
passes all traffic to the tunnel. If the browser process is the same and the security appliance does not
provide access to a given URL, the user cannot open it. As a workaround, the user can use a different
browser from the one used to establish the clientless session.
• A stateful failover does not retain smart tunnel connections. Users must reconnect following a
failover.
Windows Requirements and Limitations
The following requirements and limitations apply to Windows only:
• Only Winsock 2, TCP-based applications are eligible for smart tunnel access.
• The security appliance does not support the Microsoft Outlook Exchange (MAPI) proxy. Neither
port forwarding nor the smart tunnel supports MAPI. For Microsoft Outlook Exchange
communication using the MAPI protocol, remote users must use AnyConnect.
• Users of Microsoft Windows Vista who use smart tunnel or port forwarding must add the URL of
the ASA to the Trusted Site zone. To access the Trusted Site zone, they must start Internet Explorer
and choose the Tools > Internet Options > Security tab. Vista users can also disable Protected
Mode to facilitate smart tunnel access; however, we recommend against this method because it
increases vulnerability to attack.
Mac OS Requirements and Limitations
The following requirements and limitations apply to Mac OS only:
• Safari 3.1.1 or later, or Firefox 3.0 or later.
• Sun JRE 1.5 or later.
• Only applications started from the portal page can establish smart tunnel connections. This
requirement includes smart tunnel support for Firefox. Using Firefox to start another instance of
Firefox during the first use of a smart tunnel requires the user profile named csco_st. If this user
profile is not present, the session prompts the user to create one.
• Applications using TCP that are dynamically linked to the SSL library can work over a smart tunnel.
• Smart tunnel does not support the following on Mac OS:
–
Proxy services.
–
Auto sign-on.
–
Applications that use two-level name spaces.
–
Console-based applications, such as Telnet, SSH, and cURL.
–
Applications using dlopen or dlsym to locate libsocket calls.
–
Statically linked applications to locate libsocket calls.