67-39
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67      Clientless SSL VPN
  Configuring Smart Tunnel Access
Following the configuration of the smart tunnel list, the list name appears next to the Smart Tunnel 
List attribute in the Clientless SSL VPN group policies and local user policies. Assign a name that 
will help you to distinguish its contents or purpose from other lists that you are likely to configure.
Modes
The following table shows the modes in which this feature is available:
Add or Edit Smart Tunnel Entry
The Add or Edit Smart Tunnel Entry dialog box lets you specify the attributes of an application in a smart 
tunnel list.
• Application ID—Enter a string to name the entry in the smart tunnel list. This user-specified name 
is saved and then displayed in the GUI. The string is unique for the operating system. It typically 
names the application to be granted smart tunnel access. To support multiple versions of an 
application for which you choose to specify different paths or hash values, you can use this attribute 
to differentiate entries by specifying the operating system and the name and version of the application 
supported by each list entry. The string can be up to 64 characters.
• Process Name—Enter the filename or path to the application. The string can be up to 128 characters. 
Windows requires an exact match of this value to the right side of the application path on the remote 
host to qualify the application for smart tunnel access. If you specify only the filename for Windows, 
SSL VPN does not enforce a location restriction on the remote host to qualify the application for 
smart tunnel access.
If you specify a path and the user installed the application in another location, that application does 
not qualify. The application can reside on any path as long as the right side of the string matches the 
value you enter.
To authorize an application for smart tunnel access if it is present on one of several paths on the 
remote host, either specify only the name and extension of the application in this field, or create a 
unique smart tunnel entry for each path.
Note: A sudden problem with smart tunnel access may indicate that a Process Name value 
is not up to date with an application upgrade. For example, the default path to an application 
sometimes changes following the acquisition of the company that produces the application 
and the next application upgrade.
For Windows, if you want to add smart tunnel access to an application started from the command 
prompt, you must specify “cmd.exe” in the Process Name of one entry in the smart tunnel list, and 
specify the path to the application itself in another entry, because “cmd.exe” is the parent of the 
application.
Mac operating systems require the full path to the process, and the path is case-sensitive. To avoid 
specifying a path for each username, insert a tilde (~) before the partial path (e.g., ~/bin/vnc).
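The Process Name rules above, modelled in Python as an added example (not Cisco code and not part of the original guide), with a small audit that flags filename-only Windows entries, which carry no location restriction. The entry names, sample paths and home directory are constructed, and comparing Windows paths on whole path components is an assumption, since the guide only says "right side".

```python
# Added example. Models the Process Name rules from the text above; the entry
# tuples, sample paths and home directory are constructed for illustration.

def win_match(process_name, actual_path):
    """Windows: value must equal the right side of the application path.
    Assumption: compared on whole path components, exactly as typed."""
    want = process_name.strip("\\").split("\\")
    have = actual_path.split("\\")
    return len(want) <= len(have) and have[-len(want):] == want

def mac_match(process_name, actual_path, home):
    """Mac: full path, case-sensitive; a leading ~ stands for the user's home."""
    if process_name.startswith("~/"):
        process_name = home + process_name[1:]
    return process_name.startswith("/") and process_name == actual_path

def audit(entries):
    """Return (application_id, finding) pairs for entries worth reviewing."""
    findings = []
    for app_id, platform, process_name in entries:
        if len(app_id) > 64:
            findings.append((app_id, "Application ID longer than 64 characters"))
        if len(process_name) > 128:
            findings.append((app_id, "Process Name longer than 128 characters"))
        if platform == "windows" and "\\" not in process_name:
            findings.append((app_id, "filename only: no location restriction"))
        if platform == "mac" and not process_name.startswith(("/", "~/")):
            findings.append((app_id, "Mac entry is not a full path"))
    return findings

ENTRIES = [  # constructed sample smart tunnel list
    ("win-client-any", "windows", "client.exe"),
    ("win-client-pinned", "windows", "\\Program Files\\Client\\client.exe"),
    ("mac-vnc", "mac", "~/bin/vnc"),
    ("mac-vnc-bad", "mac", "bin/vnc"),
]

if __name__ == "__main__":
    for app_id, finding in audit(ENTRIES):
        print(f"{app_id}: {finding}")
    # A filename-only entry qualifies a copy run from any directory;
    # the pinned entry does not.
    downloaded = "C:\\Users\\bob\\Downloads\\client.exe"
    print(win_match("client.exe", downloaded))
    print(win_match("\\Program Files\\Client\\client.exe", downloaded))
```
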
Firewall Mode              Security Context
Routed    Transparent      Single    Multiple: Context    Multiple: System
•         —                •         —                    —