Cisco ASA 5505 Configuration Manual page 1507

Chapter 67 Clientless SSL VPN
We strongly recommend the use of the logout button on the portal. This method pertains to clientless
Note
SSL VPNs and logs off regardless of whether smart tunnel is used or not. The notification icon should
be used only when using standalone applications without the browser.
Without Using Notification Icon
If you choose to not use the notification icon, the VPN session closes when the user quits the browser,
and the end user is logged off after all browsers are closed. For example, if you started a smart tunnel
from Internet Explorer, the smart tunnel is turned off when no iexplore.exe is running. Smart tunnel can
determine that the VPN session has ended even if the user closed all browsers without logging out.
Note
Note
See the Cisco Security Appliance Command Reference Guide
(http://www.cisco.com/en/US/products/ps6120/prod_command_reference_list.html) for the CLI
command that configures log out properties and controls whether the user is presented with a logout icon
for logging out.
Using the Notification Icon
If you want the user to keep accessing the VPN, even after all browsers are closed, choose the
notification icon for log off. The VPN session will not close, even when the user has quit the browser;
therefore, if a user is accessing some non-browser application (such as vnc), the connectivity remains
even after all browsers are closed, but logout can still occur using the notification icon. Smart Tunnel
may not detect a log off event that happens outside of the browser (such as logging off with the console
CLI).
The clientless portal may take awhile to detect a log off and actually exit the portal, even though the user
is logged off immediately. The icon remains until the next operation that is tunneled by Smart Tunnel
(such as when an application tries to create a new connection).
Note
To enable the icon in the notification area, follow these steps:
Choose Configuration > Remote Access VPN > Clientless SSL VPN Access > Portal > Smart
Step 1
Tunnels.
Enable the Click on smart-tunnel logoff icon in the system tray radio button.
Step 2
In the Smart Tunnel Networks portion of the window, check Add and enter both the IP address and
Step 3
hostname of the network which should include the icon.
OL-20339-01
In some cases, a lingering browser process is unintentional and is strictly a result of an error.
Also, when a Secure Desktop is used, the browser process can run in another desktop even if the
user closed all browsers within the secure desktop. Therefore, smart tunnel declares all browser
instances gone when no more visible windows exist in the current desktop.
Portal logout still takes effect and is not impacted.
This icon is an alternative way to log out of SSL VPN. It is not an indicator of VPN session
status.
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring Smart Tunnel Access
67-43