1-95
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Connection Profiles, Group Policies, and Users
  Configuring User Attributes
Enabling Password Storage for Software Client Users
Specify whether to let users store their login passwords on the client system. Password storage is 
disabled by default. Enable password storage only on systems that you know to be in secure sites. To 
disable password storage, enter the password-storage command with the disable keyword. To remove 
the password-storage attribute from the running configuration, enter the no form of this command. This 
enables inheritance of a value for password-storage from the group policy.
hostname(config-username)# password-storage {enable | disable}
hostname(config-username)# no password-storage
hostname(config-username)
This command has no bearing on interactive hardware client authentication or individual user 
authentication for hardware clients.
The following example shows how to enable password storage for the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# password-storage enable
hostname(config-username)
Configuring Clientless SSL VPN Access for Specific Users
The following sections describe how to customize a configuration for specific users of clientless SSL 
VPN sessions. Enter username webvpn configuration mode by using the webvpn command in username 
configuration mode. Clientless SSL VPN lets users establish a secure, remote-access VPN tunnel to the 
ASA using a web browser. There is no need for either a software or hardware client. Clientless SSL VPN 
provides easy access to a broad range of web resources and web-enabled applications from almost any 
computer that can reach HTTPS Internet sites. Clientless SSL VPN uses SSL and its successor, TLS1, 
to provide a secure connection between remote users and specific, supported internal resources that you 
configure at a central site. The ASA recognizes connections that need to be proxied, and the HTTP server 
interacts with the authentication subsystem to authenticate users. 
The username webvpn configuration mode commands define access to files, URLs and TCP applications 
over clientless SSL VPN sessions. They also identify ACLs and types of traffic to filter. Clientless SSL 
VPN is disabled by default. These webvpn commands apply only to the username from which you 
configure them. Notice that the prompt changes, indicating that you are now in username webvpn 
configuration mode.
hostname(config-username)# webvpn
hostname(config-username-webvpn)#
To remove all commands entered in username webvpn configuration mode, use the no form of this 
command:
hostname(config-username)# no webvpn
hostname(config-username)#
You do not need to configure clientless SSL VPN to use e-mail proxies. 
Note The webvpn mode that you enter from global configuration mode lets you configure global settings for 
clientless SSL VPN sessions. The username webvpn configuration mode described in this section, which 
you enter from username mode, lets you customize the configuration of specific users specifically for 
clientless SSL VPN sessions.