Cisco FirePOWER ASA 5500 series Configuration Manual page 712

Configuring File Access
The master browser provides the CIFS client on the security appliance with a list of the resources on the
network, which WebVPN serves to the remote user. You cannot use a DNS server for a master browser.
WebVPN supports file access in an Active Native Directory environment using a WINS server, but not
a Dynamic DNS server.
Step 1 of the following procedure describes how to specify the master browser and WINS servers. As an
alternative to following the instructions Step 1, you can use the url-list command in global configuration
mode or in webvpn mode, which you enter from group-policy or username mode, to configure a server
share in the File Folder Bookmarks. For example:
url-list listname displayname cifs://ServerA/ShareX/
Using this method (adding a share) does not require a master browser or a WINS server, however, it does
not provide support for the Browse Networks link. You can use a hostname or an IP address to refer to
ServerA when entering this command. If you use a hostname, the security appliance requires a DNS
server to resolve it to an IP address.
Note Before configuring file access, you must configure the shares on the servers for user access.
Add support for CIFS access to files as follows:
Use the nbns-server command in tunnel-group webvpn configuration mode once for each NetBIOS
Step 1
Name Server (NBNS).
nbns-server {IPaddress | hostname} [master] [timeout timeout] [retry retries]
master is the computer designated as the master browser. The master browser maintains the list of
computers and shared resources. Any NBNS server you identify with this command without entering the
master portion of the command must be a Windows Internet Naming Server (WINS). Specify the master
browser first, then specify the WINS servers. You can specify up to three servers, including the master
browser, for a tunnel group.
retries is the number of times to retry queries to the NBNS server. The security appliance recycles
through the list of servers this number of times before sending an error message. The default value is 2;
the range is 1 through 10.
timeout is the number of seconds the security appliance waits before sending the query again, to the same
server if it is the only one, or another server if there are more than one. The default timeout is 2 seconds;
the range is 1 to 30 seconds.
For example,
hostname(config-tunnel-webvpn)# nbns-server 192.168.1.20 master
hostname(config-tunnel-webvpn)# nbns-server 192.168.1.41
hostname(config-tunnel-webvpn)# nbns-server 192.168.1.47
Note Use the tunnel-group webvpn-attributes command if you want to display the NBNS servers already
present in the tunnel group configuration.
Step 2 (Optional) Use the character-encoding command to specify the character set to encode in WebVPN
portal pages to be delivered to remote users. By default, the encoding type set on the remote browser
determines the character set for WebVPN portal pages, so you need to set the character encoding only if
it is necessary to ensure proper encoding on the browser.
Cisco Security Appliance Command Line Configuration Guide
37-22
Chapter 37 Configuring WebVPN
OL-10088-01