Cisco ASA 5505 Configuration Manual page 1498

Configuring Smart Tunnel Access
- To add a smart tunnel list and add applications to the list, click Add. The Add Smart Tunnel List
  dialog box opens. After you name the list, click Add again. ASDM opens the Add Smart Tunnel
  Entry dialog box, which lets you assign the attributes of a smart tunnel to the list. After doing so and
  clicking OK, ASDM displays those attributes in the list. Repeat as needed to complete the list, then
  click OK in the Add Smart Tunnel List dialog box.
- To change a smart tunnel list, double-click the list or choose the list in the table and click Edit. Then
  click Add to insert a new set of smart tunnel attributes into the list, or choose an entry in the list and
  click Edit or Delete.
- To remove a list, choose the list in the table and click Delete.
- To specify logoff procedures for a VPN session, choose one of the following options:
  - If you enable the Click on smart-tunnel logoff icon in the system tray radio button, a
    notification icon appears in the system tray when smart tunnel is started. You can use the icon
    to log off a VPN session. If you select this option, the VPN session persists even when all
    browser windows have been closed. This option enables you to gain clientless SSL VPN access
    from a browser, start an application (such as terminal service client), and then close the browser.
  - If the Logoff smart-tunnel when its parent process, such as a browser, terminates radio
    button is enabled, you are logged off after all browser windows have been closed.
Following the configuration and assignment of a smart tunnel list, you can make a smart tunnel easy to
use by adding a bookmark for the service and clicking the Enable Smart Tunnel Option in the Add or
Edit Bookmark dialog box (Portal > Bookmarks). You can create a bookmark independent of whether
you created a smart tunnel application list (as long as your bookmark page does not use a non-browser
application such as JAVA).

About Smart Tunnels
A smart tunnel is a connection between a TCP-based application and a private site, using a clientless
(browser-based) SSL VPN session with the security appliance as the pathway, and the adaptive security
appliance as a proxy server. You can identify applications to which you want to grant smart tunnel access
and specify the local path to each application. For applications running on Microsoft Windows, you can
also require a match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access.
Lotus SameTime and Microsoft Outlook Express are examples of applications to which you might want
to grant smart tunnel access.
Configuring smart tunnels requires one of the following procedures, depending on whether the
application is a client or is a web-enabled application:
- Create one or more smart tunnel lists of the client applications, then assign the list to the group
  policies or local user policies for whom you want to provide smart tunnel access.
- Create one or more bookmark list entries that specify the URLs of the web-enabled applications
  eligible for smart tunnel access, then assign the list to the DAPs, group policies, or local user
  policies for whom you want to provide smart tunnel access.
You can also list web-enabled applications for which to automate the submission of login credentials in
smart tunnel connections over clientless SSL VPN sessions.

Cisco ASA 5500 Series Configuration Guide using ASDM
67-34
Chapter 67
Clientless SSL VPN
OL-20339-01
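
The SHA-1 condition described under About Smart Tunnels is only useful while the hash recorded for an application still matches the binary installed on the client. The following Python script is an added example, not part of the Cisco guide: it audits an inventory of smart tunnel entries against the files on disk. The entry keys (app, path, hash), the file names and the file contents are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha1_of_file(path, chunk_size=65536):
    """Return the lowercase hex SHA-1 of a file, read in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_entries(entries):
    """Compare each entry's recorded hash with the binary now on disk.

    Each entry is a dict with hypothetical keys: app, path, hash (may be None).
    Returns {app: status}; status is ok, mismatch, no-hash or missing.
    """
    report = {}
    for entry in entries:
        path = Path(entry["path"])
        if not path.is_file():
            status = "missing"      # nothing at the configured local path
        elif not entry.get("hash"):
            status = "no-hash"      # access would depend on the path alone
        elif sha1_of_file(path) == entry["hash"].strip().lower():
            status = "ok"
        else:
            status = "mismatch"     # binary changed since the hash was recorded
        report[entry["app"]] = status
    return report

def demo():
    """Build constructed stand-in binaries, record hashes, patch one, audit."""
    with tempfile.TemporaryDirectory() as tmp:
        mail = Path(tmp, "mailclient.exe")   # constructed file names
        chat = Path(tmp, "chatclient.exe")
        mail.write_bytes(b"constructed mail client build 1.0")
        chat.write_bytes(b"constructed chat client build 1.0")
        entries = [
            {"app": "mail", "path": str(mail), "hash": sha1_of_file(mail)},
            {"app": "chat", "path": str(chat), "hash": sha1_of_file(chat).upper()},
            {"app": "term", "path": str(Path(tmp, "termclient.exe")), "hash": None},
            {"app": "legacy", "path": str(chat), "hash": None},
        ]
        mail.write_bytes(b"constructed mail client build 1.1")  # simulated update
        return audit_entries(entries)

if __name__ == "__main__":
    for app, status in demo().items():
        print(f"{app}: {status}")
```

A mismatch after a software update means the hash for that entry has to be recorded again from a trusted copy of the new build.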

This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
