Configuring File Access; Adding Support For File Access - Cisco PIX 500 Series Configuration Manual

Chapter 37 Configuring Clientless SSL VPN

Configuring File Access

Clientless SSL VPN serves remote users with HTTPS portal pages that interface with proxy CIFS and/or
FTP clients running on the security appliance. Using either CIFS or FTP, clientless SSL VPN provides
users with network access to the files on the network, to the extent that the users meet user authentication
requirements and the file properties do not restrict access. The CIFS and FTP clients are transparent; the
portal pages delivered by clientless SSL VPN provide the appearance of direct access to the file systems.
When a user requests a list of files, clientless SSL VPN queries the server designated as the master
browser for the IP address of the server containing the list. The security appliance gets the list and
delivers it to the remote user on a portal page.
Clientless SSL VPN lets the user invoke the following CIFS and FTP functions, depending on user
authentication requirements and file properties:
•
•
•
The security appliance uses a master browser, WINS server, or DNS server, typically on the same
network as the security appliance or reachable from that network, to query the network for a list of
servers when the remote user clicks Browse Networks in the menu of the portal page or on the toolbar
displayed during the Clientless SSL VPN session.
The master browser or DNS server provides the CIFS/FTP client on the security appliance with a list of
the resources on the network, which clientless SSL VPN serves to the remote user.
Note Before configuring file access, you must configure the shares on the servers for user access.

Adding Support for File Access

Configure file access as follows:
Note Step 1 of this procedure describes how to specify the master browser and WINS servers. As an
alternative, you can use ASDM to configure URL lists and entries that provide access to file shares.
Adding a share in ASDM does not require a master browser or a WINS server. However, it does not
provide support for the Browse Networks link. You can use a hostname or an IP address to refer to
ServerA when entering this command. If you use a hostname, the security appliance requires a DNS
server to resolve it to an IP address.
Use the nbns-server command in tunnel-group webvpn configuration mode once for each NetBIOS
Step 1
Name Server (NBNS). This step lets you browse a network or domain.
nbns-server {IPaddress | hostname} [master] [timeout timeout] [retry retries]
master is the computer designated as the master browser. The master browser maintains the list of
computers and shared resources. Any NBNS server you identify with this command without entering the
master portion of the command must be a Windows Internet Naming Server (WINS). Specify the master
browser first, then specify the WINS servers. You can specify up to three servers, including the master
browser, for a connection profile.
OL-12172-03
Navigate and list domains and workgroups, servers within a domain or workgroup, shares within a
server, and files within a share or directory
Create directories
Download, upload, rename, move, and delete files
Cisco Security Appliance Command Line Configuration Guide
Configuring File Access
37-43