1-78
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Clientless SSL VPN
  Using E-Mail over Clientless SSL VPN
Configuring E-mail Proxies
Clientless SSL VPN supports IMAP4S, POP3S, and SMTPS e-mail proxies. The following attributes 
apply globally to e-mail proxy users. 
Restrictions
E-mail clients such as MS Outlook, MS Outlook Express, and Eudora lack the ability to access the 
certificate store.
Detailed Steps
Command Purpose
Step 1
accounting-server-group Specifies the previously configured accounting 
servers to use with e-mail proxy.
Step 2
authentication Specifies the authentication method(s) for e-mail 
proxy users. The default values are as follows:
• IMAP4S: Mailhost (required)
• POP3S Mailhost (required)
• SMTPS: AAA
Step 3
authentication-server-group Specifies the previously configured authentication 
servers to use with e-mail proxy. The default is 
LOCAL.
Step 4
authorization-server-group Specifies the previously configured authorization 
servers to use with clientless SSL VPN.
Step 5
authorization-required Requires users to authorize successfully to connect. 
The default is Disabled.
Step 6
authorization-dn-attributes Identifies the DN of the peer certificate to use as a 
username for authorization. The defaults are as 
follows:
• Primary attribute: CN
• Secondary attribute: OU
Step 7
default-group-policy Specifies the name of the group policy to use. The 
default is DfltGrpPolicy.
Step 8
enable Enables e-mail proxy on the specified interface. The 
default is disabled.
Step 9
name-separator Defines the separator between the e-mail and VPN 
usernames and passwords. The default is colon (:).
Step 10
outstanding Configures the maximum number of outstanding 
non-authenticated sessions. The default is 20.