Cisco ASA 5505 Configuration Manual page 1468

Asa 5500 series
Clientless SSL VPN Access
Port Number—Enter the port number that you want to use for clientless SSL VPN sessions. The
default port is 443, for HTTPS traffic; the range is 1 through 65535. If you change the port number,
all current clientless SSL VPN connections terminate, and current users must reconnect. You also
lose connectivity to ASDM, and a prompt displays, inviting you to reconnect.
Default Idle Timeout—Enter the amount of time, in seconds, that a clientless SSL VPN session can
be idle before the adaptive security appliance terminates it. This value applies only if the Idle
Timeout value in the group policy for the user is set to zero (0), which means there is no timeout
value; otherwise the group policy Idle Timeout value takes precedence over the timeout you
configure here. The minimum value you can enter is 1 minute. The default is 30 minutes (1800
seconds). Maximum is 24 hours (86400 seconds).
We recommend that you set this attribute to a short time period. This is because a browser set to
disable cookies (or one that prompts for cookies and then denies them) can result in a user not
connecting but nevertheless appearing in the sessions database. If the Simultaneous Logins attribute
for the group policy is set to one, the user cannot log back in because the database indicates that the
maximum number of connections already exists. Setting a low idle timeout removes such phantom
sessions quickly, and lets a user log in again.
Max. Sessions Limit—Enter the maximum number of clientless SSL VPN sessions you want to
allow. Be aware that the different ASA models support clientless SSL VPN sessions as follows: ASA
5510 supports a maximum of 250; ASA 5520 maximum is 750; ASA 5540 maximum is 2500; ASA
5550 maximum is 5000.
WebVPN Memory Size—Enter the percent of total memory or the amount of memory in kilobytes
that you want to allocate to clientless SSL VPN processes. The default is 50% of memory. Be aware
that the different ASA models have different total amounts of memory as follows: ASA 5510—256
MB; ASA 5520—512 MB; ASA 5540—1 GB; ASA 5550—4 GB. When you change the memory size,
the new setting takes effect only after the system reboots.
WebVPN Memory (unlabeled)—Choose to allocate memory for clientless SSL VPN either as a
percentage of total memory or as an amount of memory in kilobytes.
Enable Tunnel Group Drop-down List on WebVPN Login—Click to include a drop-down list of
configured tunnel groups on the clientless SSL VPN end-user interface. Users select a tunnel group
from this list when they log on. This field is checked by default. If you uncheck it, the user cannot
select a tunnel group at logon.
Interface—Displays names of all configured interfaces.
WebVPN Enabled—Displays current status for clientless SSL VPN on the interface.
A green check next to Yes indicates that clientless SSL VPN is enabled.
A red circle next to No indicates that clientless SSL VPN is disabled.
Enable/Disable—Click to enable or disable clientless SSL VPN on the highlighted interface.
Modes
The following table shows the modes in which this feature is available:
[Table columns: Firewall Mode (Routed, Transparent); Security Context (Single; Multiple: Context, System)]
Cisco ASA 5500 Series Configuration Guide using ASDM
67-4
Chapter 67
Clientless SSL VPN
OL-20339-01
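
The Default Idle Timeout precedence rule and the phantom-session lockout described above can be checked during a configuration review. The following is an added example, not code from Cisco or from the guide: the GroupPolicy class, the function names, the 600-second review threshold and the sample policies are assumptions, and group policy timeouts are assumed to be supplied in seconds.

```python
from dataclasses import dataclass

# Bounds taken from the field descriptions on this page (values in seconds).
MIN_IDLE, MAX_IDLE = 60, 86400
# Review threshold is an assumption of this example, not a Cisco value.
SHORT_IDLE = 600

@dataclass
class GroupPolicy:          # hypothetical container for this example
    name: str
    idle_timeout: int       # seconds; 0 means "no timeout value" per the page
    simultaneous_logins: int

def effective_idle(policy, default_idle):
    """Group policy value wins unless it is 0; then the global default applies."""
    return policy.idle_timeout if policy.idle_timeout != 0 else default_idle

def review(policies, default_idle, port=443):
    """Return (scope, message) findings for out-of-range values and lockout risk."""
    findings = []
    if not 1 <= port <= 65535:
        findings.append(("global", f"port {port} outside 1-65535"))
    if not MIN_IDLE <= default_idle <= MAX_IDLE:
        findings.append(("global",
                         f"default idle timeout {default_idle}s outside {MIN_IDLE}-{MAX_IDLE}"))
    for p in policies:
        idle = effective_idle(p, default_idle)
        source = "default" if p.idle_timeout == 0 else "group policy"
        # With one simultaneous login, a phantom session blocks the user until it idles out.
        if p.simultaneous_logins == 1 and idle > SHORT_IDLE:
            findings.append((p.name,
                             f"phantom session can block re-login for up to {idle}s ({source} timeout)"))
    return findings

# Constructed sample policies, not taken from any real device.
SAMPLE = [
    GroupPolicy("contractors", 0, 1),     # inherits the default
    GroupPolicy("staff", 300, 1),         # own short timeout
    GroupPolicy("admins", 7200, 1),       # own long timeout
    GroupPolicy("kiosk", 0, 3),           # several logins allowed
]

if __name__ == "__main__":
    for who, msg in review(SAMPLE, default_idle=1800):
        print(f"{who}: {msg}")
```

With the 30-minute default, the policies that inherit it and allow a single login are the ones flagged; lowering the default clears them without touching policies that set their own timeout.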

This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
