Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

38-41

Cisco ASDM User Guide

OL-16647-01

Chapter 38 Clientless SSL VPN

Configuring Smart Tunnel Access

Add or Edit Smart Tunnel Auto Sign-on Server Entry

The Add or Edit Smart Tunnel Entry dialog box lets you identify a server to be added to a smart tunnel

auto sign-on list. You can identify it by its hostname, or IP address and subnet mask.

Caution Use the address format used in the source code of the web pages on the intranet. If you are configuring

smart tunnel auto sign-on for browser access and some web pages use host names and others use IP

addresses, or you do not know, specify both in different smart tunnel auto sign-on entries. Otherwise, if

a link on a web page uses a different format than the one you specify, it will fail when the user clicks it.

• Host name—Enter a hostname or wildcard mask to auto-authenticate to. You can use the following

wildcard characters:

–

* to match any number of characters or zero characters

–

? to match any single character

–

[] to match any single character in the range expressed inside the brackets

For example, enter *.example.com. Using this option protects the configuration from dynamic

changes to IP addresses.

• IP Address—Enter an IP address to auto-authenticate to.

• Subnet Mask—Sub-network of hosts associated with the IP address.

• Use Windows domain name with user name (Optional) —Click to add the Windows domain to the

username if authentication requires it. If you do so, be sure to specify the domain name when

assigning the smart tunnel list to one or more group policies or local user policies.

Following the configuration of the smart tunnel auto sign-on server list, you must assign it to a group

policy or a local user policy for it to become active, as follows:

• To assign the list to a group policy, choose Config > Remote Access VPN > Clientless SSL VPN

Access > Group Policies > Add or Edit > Portal, find the Smart Tunnel area, and choose the list

name from the drop-down list next to the Auto Sign-on Server List attribute.

• To assign the list to a local user policy, choose Config > Remote Access VPN> AAA Setup > Local

Users > Add or Edit > VPN Policy > Clientless SSL VPN, find the Smart Tunnel area, and choose

the list name from the drop-down list next to the Auto Sign-on Server List attribute.

Modes

The following table shows the modes in which this feature is available:

Firewall Mode Security Context

Routed Transparent Single

Multiple

Context System

• — • ——

previous next