Cisco ASA 5505 Configuration Manual page 1467

Chapter 67 Clientless SSL VPN
Understanding Clientless SSL VPN System Requirements
Release 8.3(1) supports browser-based (clientless) VPN access from the following platforms:
•
•
•
•
•
•
•
ActiveX pages require that you enable ActiveX Relay on the associated group policy. If you do so or
assign a smart tunnel list to the policy, and the browser proxy exception list on the endpoint specifies a
proxy, the user must add a "shutdown.webvpn.relay." entry to that list.
The ASA supports clientless access to Lotus iNotes 8.5.
The ASA does not support clientless access to Windows Shares (CIFS) Web Folders from Windows 7,
Vista, Internet Explorer 8, Mac OS, and Linux. Windows XP SP2 requires a
Web Folders.
The ASA does not support DSA certificates; it does support RSA certificates.
See the following sections for the platforms supported by these clientless applications:
•
•
•
Clientless SSL VPN Access
The Clientless SSL VPN Access pane lets you accomplish the following tasks:
•
•
•
•
•
To configure clientless SSL VPN services for individual users, the best practice is to choose the
Configuration > VPN > General > Group Policy >Add/Edit >WebVPN pane. Then choose the
Configuration > Properties >Device Administration >User Accounts > VPN Policy pane to assign
the group policy to a user.
Fields
•
OL-20339-01
Windows 7 x86 (32-bit) and x64 (64-bit) via Internet Explorer 8.x and Firefox 3.x.
Windows Vista x64 via Internet Explorer 7.x–8.x, or Firefox 3.x.
Windows Vista x86 SP2, or Vista SP1 with
3.x.
Windows XP x64 via Internet Explorer 7.x–8.x and Firefox 3.x.
Windows XP x86 SP2 or later via Internet Explorer 6.x–8.x, or Firefox 3.x.
Mac OS 10.6.x or 10.5 32- and 64-bit via Safari 3.x–4.x and Firefox 3.x with Sun JRE 1.5 or later.
Certificate authentication, including the DoD Common Access Card and SmartCard, works with the
Safari keychain only.
Linux via Firefox 3.x
Port Forwarding Requirements and Restrictions, page 67-23
Smart Tunnel Requirements and Limitations, page 67-35
Plug-in Requirements and Restrictions, page 67-78
Enable or disable adaptive security appliance interfaces for clientless SSL VPN sessions.
Choose a port for clientless SSL VPN connections.
Set a global timeout value for clientless SSL VPN sessions.
Set a maximum number of simultaneous clientless SSL VPN sessions.
Configure the amount of adaptive security appliance memory that clientless SSL VPN can use.
Configure access parameters for WebVPN—Lets you enable or disable clientless SSL VPN
connections on configured adaptive security appliance interfaces.
Understanding Clientless SSL VPN System Requirements
KB952876 or later, via Internet Explorer 7.x, or Firefox
Cisco ASA 5500 Series Configuration Guide using ASDM
Microsoft hotfix to support
67-3