67-36
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67 Clientless SSL VPN
Configuring Smart Tunnel Access
–
Delete cookies (with Internet Explorer, go to Tools > Internet Options > General).
Windows Requirements and Limitations
In addition to the requirements in Understanding Clientless SSL VPN System Requirements, page 67-3,
the following requirements and limitations apply to smart tunnel access on Windows:
• ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) on Windows must be
enabled on the browser.
• Only Winsock 2, TCP-based applications are eligible for smart tunnel access.
• The security appliance does not support the Microsoft Outlook Exchange (MAPI) proxy. Neither
port forwarding nor the smart tunnel supports MAPI. For Microsoft Outlook Exchange
communication using the MAPI protocol, remote users must use AnyConnect.
• Users of Microsoft Windows Vista who use smart tunnel or port forwarding must add the URL of
the ASA to the Trusted Site zone. To access the Trusted Site zone, they must start Internet Explorer
and choose the Tools > Internet Options > Security tab. Vista users can also disable Protected
Mode to facilitate smart tunnel access; however, we recommend against this method because it
increases vulnerability to attack.
Mac OS Requirements and Limitations
In addition to the requirements in Understanding Clientless SSL VPN System Requirements, page 67-3,
the following requirements and limitations apply to smart tunnel access on Mac OS:
• Smart tunnel supports Mac OS running on an Intel processor only.
• Java Web Start must be enabled on the browser.
• Only applications started from the portal page can establish smart tunnel connections. This
requirement includes smart tunnel support for Firefox. Using Firefox to start another instance of
Firefox during the first use of a smart tunnel requires the user profile named csco_st. If this user
profile is not present, the session prompts the user to create one.
• Applications using TCP that are dynamically linked to the SSL library can work over a smart tunnel.
• Smart tunnel does not support the following on Mac OS:
–
Proxy services.
–
Auto sign-on.
–
Applications that use two-level name spaces.
–
Console-based applications, such as Telnet, SSH, and cURL.
–
Applications using dlopen or dlsym to locate libsocket calls.
–
Statically linked applications to locate libsocket calls.
Configuring a Smart Tunnel (Lotus example)
To configure a Smart Tunnel, perform the following steps:
Note These example instructions provide the minimum instructions required to add smart tunnel support for
an application. See the field descriptions in the sections that follow for more information.
To Next Page
Loading...
Need help?
General
