Cisco ASA 5505 Configuration Manual page 1320

Group Policies
Configuring the Portal for a Group Policy
The Portal attributes determine what appears on the portal page for members of this group policy
establishing Clientless SSL VPN connections. In this pane, you can enable Bookmark lists and URL
Entry, file server access, Port Forwarding and Smart Tunnels, ActiveX Relay, and HTTP settings.
Fields
•
•
•
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
64-10
Bookmark List—Choose a previously-configured Bookmark list or click Manage to create a new
one. Bookmarks appear as links, from which users can navigate from the portal page.
URL Entry—Enable to allow remote users to enter URLs directly into the portal URL field.
File Access Control—Controls the visibility of "hidden shares" for Common Internet File System
(CIFS) files. A hidden share is identified by a dollar sign ($) at the end of the share name. For
example, drive C is shared as C$. With hidden shares, a shared folder is not displayed, and users are
restricted from browsing or accessing these hidden resources.
– File Server Entry—Enable to allow remote users to enter the name of a file server.
– File Server Browsing—Enable to allow remote users to browse for available file servers.
– Hidden Share Access—Enable to hide shared folders.
Port Forwarding Control—Provides users access to TCP-based applications over a Clientless SSL
VPN connection through a Java Applet.
– Port Forwarding List—Choose a previously-configured list TCP applications to associate with
this group policy. Click Manage to create a new list or to edit an existing list.
– Auto Applet Download—Enables automatic installation and starting of the Applet the first time
the user logs in.
Applet Name—Changes the name of the title bar that of the Applet dialog box to the name you
–
designate. By default, the name is Application Access.
Smart Tunnel—Specify your smart tunnel options using a clientless (browser-based) SSL VPN
session with the security appliance as the pathway and the security appliance as a proxy server:
Smart Tunnel Policy—Choose from the network list and specify one of the tunnels options: use
–
smart tunnel for the specified network, do not use smart tunnel for the specified network, or use
tunnel for all network traffic. Assigning a smart tunnel network to a group policy or username
enables smart tunnel access for all users whose sessions are associated with the group policy or
username but restricts smart tunnel access to the applications specified in the list. To view, add,
modify, or delete a smart tunnel list, click Manage.
Smart Tunnel Application—Choose from the drop-down menu to connect a Winsock 2,
–
TCP-based application installed on the end station to a server on the intranet. To view, add,
modify, or delete a smart tunnel application, click Manage.
Smart Tunnel all Applications—Check this check box to tunnel all applications. All
–
applications are tunneled without choosing from the network list or knowing which executables
an end user may invoke for external applications.
Auto Start—Check this check box to start smart tunnel access automatically upon user login.
–
Uncheck the check box to enable smart tunnel access upon user login but require the user to start
it manually, using the Application Access > Start Smart Tunnels button on the Clientless SSL
VPN Portal Page.
Chapter 64 General VPN Setup
OL-20339-01