Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

38-68

Cisco ASDM User Guide

OL-16647-01

Chapter 38 Clientless SSL VPN

Configuring Browser Access to Client-Server Plug-ins

Plug-in Requirements and Restrictions

Clientless SSL VPN must be enabled on the security appliance to provide remote access to the plug-ins.

The minimum access rights required for remote use belong to the guest privilege mode.

A stateful failover does not retain sessions established using plug-ins. Users must reconnect following a

failover.

Preparing the Security Appliance for a Plug-in

Before installing a plug-in, prepare the security appliance by performing the following steps:

Step 1 Make sure Clientless SSL VPN (“webvpn”) is enabled on a security appliance interface.

Step 2 Install an SSL certificate onto the security appliance interface to which remote users use a fully-qualified

domain name (FQDN) to connect.

Note Do not specify an IP address as the common name (CN) for the SSL certificate. The remote user

attempts to use the FQDN to communicate with the security appliance. The remote PC must be

able to use DNS or an entry in the System32\drivers\etc\hosts file to resolve the FQDN.

See the section that identifies the type of plug-in you want to provide for Clientless SSL VPN access.

• Installing Plug-ins Redistributed by Cisco

• Assembling and Installing Third-Party Plug-ins—Example: Citrix Java Presentation Server Client

Installing Plug-ins Redistributed by Cisco

Cisco redistributes the following, open-source, Java-based components to be accessed as plug-ins for

web browsers in Clientless SSL VPN sessions:

• rdp-plugin.jar—The Remote Desktop Protocol plug-in lets the remote user connect to a computer

running Microsoft Terminal Services. Cisco redistributes this plug-in without any changes to it per

the GNU General Public License. The web site containing the source of the redistributed plug-in is

http://properjavardp.sourceforge.net/.

• ssh-plugin.jar—The Secure Shell-Telnet plug-in lets the remote user establish a Secure Shell or

Telnet connection to a remote computer. Cisco redistributes this plug-in without any changes to it

per the GNU General Public License. The web site containing the source of the redistributed plug-in

is http://javassh.org/.

Note The ssh-plugin.jar provides support for both SSH and Telnet protocols. The SSH client

supports SSH Version 1.0.

previous next