Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67 Clientless SSL VPN
Configuring Smart Tunnel Access
Step 1 Choose Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Smart
Tunnels.
Step 2 Double-click the smart tunnel list to which you want to add an application; or click Add to create a list
of applications, enter a name for this list in the List Name field, and click Add.
For example, click Add in the Smart Tunnels pane, enter Lotus in the List Name field, and click Add.
Step 3 Click Add in the Add or Edit Smart Tunnel List dialog box.
Step 4 Enter a string in the Application ID field to serve as a unique index to the entry within the smart tunnel
list.
Step 5 Enter the filename and extension of the application into the Process Name dialog box.
Table 67-2 shows example Application ID strings and the associated paths required to support Lotus.
Step 6 Select Windows next to OS.
Step 7 Click OK.
Step 8 Repeat Steps 3–7 for each application to add to the list.
Step 9 Click OK in the Add or Edit Smart Tunnel List dialog box.
Step 10 Assign the list to the group policies and local user policies to which you want to provide smart tunnel
access to the associated applications, as follows:
• To assign the list to a group policy, choose Configuration > Remote Access VPN > Clientless SSL
VPN Access > Group Policies > Add or Edit > Portal and choose the smart tunnel name from the
drop-down list next to the Smart Tunnel List attribute.
• To assign the list to a local user policy, choose Configuration > Remote Access VPN > AAA Setup
> Local Users > Add or Edit > VPN Policy > Clientless SSL VPN and choose the smart tunnel
name from the drop-down list next to the Smart Tunnel List attribute.
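
The same procedure expressed as ASA CLI commands, which is also how the result appears in the running configuration when you review it. This is an added example, not part of the original guide: the list name lotus and its four entries come from Step 2 and Table 67-2, while the group policy name ExamplePolicy and the username exampleuser are placeholders.

```text
! Steps 1-9: create the smart tunnel list "lotus" with one entry per process.
! Syntax: smart-tunnel list <list-name> <application-id> <process-name> platform <os>
webvpn
 smart-tunnel list lotus lotusnotes notes.exe platform windows
 smart-tunnel list lotus lotusnlnotes nlnotes.exe platform windows
 smart-tunnel list lotus lotusntaskldr ntaskldr.exe platform windows
 smart-tunnel list lotus lotusnfileret nfileret.exe platform windows
!
! Step 10, first bullet: assign the list to a group policy.
! ExamplePolicy is a placeholder name.
group-policy ExamplePolicy attributes
 webvpn
  smart-tunnel enable lotus
!
! Step 10, second bullet: assign the list to a local user policy.
! exampleuser is a placeholder name.
username exampleuser attributes
 webvpn
  smart-tunnel enable lotus
```

Only the policies that carry the smart-tunnel assignment expose these processes to the tunnel, so checking the group-policy and username sections of the configuration shows which users the list applies to.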
Simplifying Configuration of Which Applications to Tunnel
A smart tunnel application list is essentially a filter that determines which applications are granted
access to the tunnel. The default is to allow access for all processes started by the browser. With a
Smart Tunnel enabled bookmark, the clientless session grants access only to processes initiated by the
web browser. For non-browser applications, an administrator can choose to tunnel all applications and
thus remove the need to know which applications an end user may invoke. Table 67-3 shows in which
situations processes are granted access.
Table 67-2 Smart Tunnel Example: Lotus 6.0 Thick Client with Domino Server 6.5.5

Application ID Example    Minimum Required Process Name
----------------------    -----------------------------
lotusnotes                notes.exe
lotusnlnotes              nlnotes.exe
lotusntaskldr             ntaskldr.exe
lotusnfileret             nfileret.exe