Customizing Login Windows For Users Of Clientless Ssl Vpn Sessions - Cisco PIX 500 Series Configuration Manual
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Configuring Connection Profiles
However, you might want clientless users logging in under specific tunnel groups to not experience
delays waiting for the download prompt to expire before being presented with the clientless SSL VPN
home page. You can prevent delays for these users at the connection profile level with the
override-svc-download command. This command causes users logging through a connection profile to
be immediately presented with the clientless SSL VPN home page regardless of the
vpn-tunnel-protocol or svc ask command settings.
In the following example, the you enter tunnel-group webvpn attributes configuration mode for the
connection profile engineering and enable the connection profile to override the group policy and
username attribute settings for client download prompts:
hostname(config)# tunnel-group engineering webvpn-attributes
hostname(config-tunnel-webvpn)# override-svc-download
(Optional) To enable the display of a RADIUS reject message on the login screen when authentication
Step 9
is rejected, use the radius-eject-message command:
The following example enables the display of a RADIUS rejection message for the connection profile
named engineering:
hostname(config)# tunnel-group engineering webvpn-attributes
hostname(config-tunnel-webvpn)# radius-reject-message
Customizing Login Windows for Users of Clientless SSL VPN sessions
You can set up different login windows for different groups by using a combination of customization
profiles and connection profiles. For example, assuming that you had created a customization profile
called salesgui, you can create a connection profile for clientless SSL VPN sessions called sales that uses
that customization profile, as the following example shows:
Step 1
In webvpn mode, define a customization for clientless SSL VPN access, in this case named salesgui and
change the default logo to mycompanylogo.gif. You must have previously loaded mycompanylogo.gif
onto the flash memory of the security appliance and saved the configuration. See
"Configuring Clientless SSL
hostname# webvpn
hostname (config-webvpn)# customization value salesgui
hostname(config-webvpn-custom)# logo file disk0:\mycompanylogo.gif
hostname(config-webvpn-custom)#
In global configuration mode, set up a username and associate with it the customization for clientless
Step 2
SSL VPN that you've just defined:
hostname# username seller attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# customization value salesgui
hostname(config-username-webvpn)# exit
hostname(config-username)# exit
hostname#
In global configuration mode, create a tunnel-group for clientless SSL VPN sessions named sales:
Step 3
hostname# tunnel-group sales type webvpn
hostname(config-tunnel-webvpn)#
Step 4
Specify that you want to use the salesgui customization for this connection profile:
Cisco Security Appliance Command Line Configuration Guide
30-26
Chapter 30
Configuring Connection Profiles, Group Policies, and Users
VPN"" for details.
"Chapter 37,
OL-12172-03
Advertisement
Table of Contents
Troubleshooting
