Configuring SSL/TLS Encryption Protocols - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 37
Configuring Clientless SSL VPN
password—Enter the password to send to the proxy server with each HTTP or HTTPS request.
port—(Optional) Enter the port number used by the proxy server. The default HTTP port is 80. The
default HTTPS port is 443. The security appliance uses each of these ports if you do not specify an
alternative value. The range is 1-65535.
url—If you entered exclude, enter a URL or a comma-delimited list of several URLs to exclude from
those that can be sent to the proxy server. The string does not have a character limit, but the entire
command cannot exceed 512 characters. You can specify literal URLs or use the following wildcards:
* to match any string, including slashes (/) and periods (.). You must accompany this wildcard with
an alphanumeric string.
? to match any single character, including slashes and periods.
[x-y] to match any single character in the range of x and y, where x represents one character and y
represents another character in the ANSI character set.
[!x-y] to match any single character that is not in the range.
If you entered http-proxy pac, follow it with http:// and type the URL of the proxy autoconfiguration
file. If you omit the http:// portion, the CLI ignores the command.
username—(Optional) Enter this keyword to accompany each HTTP proxy request with a username for
basic proxy authentication. Only the http-proxy host command supports this keyword.
username—Enter the username to send to the proxy server with each HTTP or HTTPS request.
The security appliance clientless SSL VPN configuration supports only one http-proxy and one
https-proxy command each. For example, if one instance of the http-proxy command is already present
in the running configuration and you enter another, the CLI overwrites the previous instance.
The following example shows how to configure use of an HTTP proxy server with an IP address of
209.165.201.1 using the default port, and send a username and password with each HTTP request:
hostname(config-webvpn)# http-proxy 209.165.201.1 username jsmith password mysecretdonttell
hostname(config-webvpn)#
The following example shows the same command, except that when the security appliance receives the
specific URL www.example.com in an HTTP request, it resolves the request instead of passing it on to
the proxy server:
hostname(config-webvpn)# http-proxy 209.165.201.1 exclude www.example.com username jsmith password mysecretdonttell
hostname(config-webvpn)#
The following example shows how to specify a URL to serve a proxy autoconfiguration file to the
browser:
hostname(config-webvpn)# http-proxy pac http://www.example.com/pac
hostname(config-webvpn)#

Configuring SSL/TLS Encryption Protocols

When you set SSL/TLS encryption protocols, be aware of the following:
Make sure that the security appliance and the browser you use allow the same SSL/TLS encryption
protocols.
If you configure e-mail proxy, do not set the security appliance SSL version to TLSv1 Only.
MS Outlook and MS Outlook Express do not support TLS.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 37-5
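
The exclude wildcards described for the http-proxy command decide which requests are resolved by the appliance instead of being sent to the proxy server, so an exclude list is worth checking against known URLs before it is entered. The following Python sketch is an added example, not code from Cisco or from this manual: it models the four wildcards as the text describes them and enforces the 512-character command limit. Assumptions: an entry must match the whole URL string case-sensitively, a pattern containing * must contain at least one alphanumeric character, and the names pattern_to_regex and audit_exclude and all sample URLs are hypothetical.

```python
import re

MAX_COMMAND_LEN = 512  # limit on the whole http-proxy command, per the manual
TOKEN = re.compile(r"\[(!?)(.)-(.)\]|(.)", re.S)  # [x-y] / [!x-y], else one character

def pattern_to_regex(pattern):
    """Compile one exclude entry (*, ?, [x-y], [!x-y], literals) to a regex."""
    # Interpretation of "accompany this wildcard with an alphanumeric string".
    if "*" in pattern and not any(ch.isalnum() for ch in pattern):
        raise ValueError("'*' needs an alphanumeric string: %r" % pattern)
    parts = []
    for neg, lo, hi, ch in TOKEN.findall(pattern):
        if lo:
            if lo > hi:
                raise ValueError("empty range in %r" % pattern)
            parts.append("[%s%s-%s]" % ("^" if neg else "", re.escape(lo), re.escape(hi)))
        elif ch == "*":
            parts.append(".*")   # any string, slashes and periods included
        elif ch == "?":
            parts.append(".")    # any single character
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.S)

def audit_exclude(host, exclude, urls):
    """Map each URL to the exclude entry it matches, or None if it goes to the proxy."""
    command = "http-proxy %s exclude %s" % (host, exclude)
    if len(command) > MAX_COMMAND_LEN:
        raise ValueError("command is %d characters, limit is %d"
                         % (len(command), MAX_COMMAND_LEN))
    compiled = [(p, pattern_to_regex(p)) for p in exclude.split(",")]
    # Assumption: an entry must match the whole URL string, case-sensitively.
    return {u: next((p for p, rx in compiled if rx.fullmatch(u)), None) for u in urls}

# Constructed sample data, not taken from the manual.
EXCLUDE = ("www.example.com,*.intranet.example.com/*,"
           "host[1-3].example.com,app[!0-9].example.com")
URLS = ["www.example.com", "a.b.intranet.example.com/x/y", "host2.example.com",
        "host7.example.com", "appx.example.com", "app5.example.com"]

if __name__ == "__main__":
    for url, entry in audit_exclude("209.165.201.1", EXCLUDE, URLS).items():
        print("%-32s %s" % (url, "bypasses proxy via " + entry if entry else "sent to proxy"))
```

Entries that match far more URLs than intended show up as unexpected "bypasses proxy" rows when the audit is run against a list of URLs that should always go through the proxy.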

This manual is also suitable for:

ASA 5500 series