Chapter 67
Clientless SSL VPN
– Boolean operator (unlabeled)—Lists the boolean conditions (equal, not equal, greater than, less than, or range) to use in matching the service specified in the service field.
• Rule Flow Diagram—Graphically depicts the traffic flow using this filter. This area might be hidden.
• Options—Specifies the logging rules. The default is Default Syslog.
  – Logging—Choose enable if you want to enable a specific logging level.
  – Syslog Level—Grayed out until you select Enable for the Logging attribute. Lets you select the type of syslog messages you want the adaptive security appliance to display.
  – Log Interval—Lets you select the number of seconds between log messages.
  – Time Range—Lets you select the name of a predefined time-range parameter set.
  – ...—Click to browse the configured time ranges or to add a new one.

Examples
Here are examples of ACLs for clientless SSL VPN:

| Action | Filter | Effect |
|--------|--------|--------|
| Deny | url http://*.yahoo.com/ | Denies access to all of Yahoo! |
| Deny | url cifs://fileserver/share/directory | Denies access to all files in the specified location. |
| Deny | url https://www.company.com/directory/file.html | Denies access to the specified file. |
| Permit | url https://www.company.com/directory | Permits access to the specified location |
| Deny | url http://*:8080/ | Denies HTTPS access to anywhere via port 8080. |
| Deny | url http://10.10.10.10 | Denies HTTP access to 10.10.10.10. |
| Permit | url any | Permits access to any URL. Usually used after an ACL that denies url access. |

Modes
The following table shows the modes in which this feature is available:

| Firewall Mode: Routed | Firewall Mode: Transparent | Security Context: Single | Security Context: Multiple (Context) | Security Context: Multiple (System) |
|---|---|---|---|---|
| • | — | • | — | — |

Configuring the Setup for Cisco Secure Desktop
The Cisco Secure Desktop Setup window displays the version and state of the Cisco Secure Desktop image if it is installed on the adaptive security appliance, indicates whether it is enabled, and shows the size of the cache used to hold the Cisco Secure Desktop and SSL VPN Client on the adaptive security appliance.
You can use the buttons in this window as follows:
OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM
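The entries in the Examples table for clientless SSL VPN ACLs produce their listed effects only when they are evaluated in order, so the following added sketch (not Cisco code and not part of the original guide) models that evaluation to show which entry decides a given URL. It assumes first-match evaluation with an implicit deny at the end, "*" matching within one URL component, and prefix matching that stops on a component boundary; the names WEB_ACL, to_regex and decide are illustrative, and the probe URLs are constructed.

```python
import re

# Entries copied from the Examples table on this page, in table order.
WEB_ACL = [
    ("deny",   "http://*.yahoo.com/"),
    ("deny",   "cifs://fileserver/share/directory"),
    ("deny",   "https://www.company.com/directory/file.html"),
    ("permit", "https://www.company.com/directory"),
    ("deny",   "http://*:8080/"),
    ("deny",   "http://10.10.10.10"),
    ("permit", "any"),
]

def to_regex(url_filter):
    """Translate one filter into a regex (assumed model, not the ASA matcher)."""
    if url_filter == "any":
        return re.compile(r".*")
    # '*' matches within one URL component; everything else is literal.
    body = re.escape(url_filter).replace(r"\*", "[^/]*")
    # A filter without a trailing '/' must end on a component boundary, so
    # http://10.10.10.10 does not also match http://10.10.10.100/.
    tail = "" if url_filter.endswith("/") else r"(?:$|[/?#])"
    return re.compile(body + tail)

def decide(acl, url):
    """Return (action, 1-based entry number) of the first matching entry.

    When nothing matches, return ("deny", None): the implicit deny
    assumed to end every ACL.
    """
    for number, (action, url_filter) in enumerate(acl, start=1):
        if to_regex(url_filter).match(url):
            return action, number
    return "deny", None

if __name__ == "__main__":
    # Constructed probe URLs, one per behaviour worth checking.
    for url in (
        "http://mail.yahoo.com/inbox",
        "https://www.company.com/directory/file.html",
        "https://www.company.com/directory/other.html",
        "http://intranet.example:8080/app",
        "http://10.10.10.100/",
    ):
        print(decide(WEB_ACL, url), url)
```

Swapping entries 3 and 4 makes the Permit for the directory decide the request for file.html, which is why the narrower Deny has to come first.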