Configuring Clientless SSL VPN Access for Specific Users - Cisco PIX 500 Series Configuration Manual


Chapter 30
Configuring Connection Profiles, Group Policies, and Users
hostname(config)# username anyuser attributes
hostname(config-username)# password-storage enable
hostname(config-username)#

Configuring Clientless SSL VPN Access for Specific Users

The following sections describe how to customize a configuration for specific users of clientless SSL
VPN sessions. Enter username webvpn configuration mode by using the webvpn command in username
configuration mode. Clientless SSL VPN lets users establish a secure, remote-access VPN tunnel to the
security appliance using a web browser. There is no need for either a software or hardware client.
Clientless SSL VPN provides easy access to a broad range of web resources and web-enabled
applications from almost any computer that can reach HTTPS Internet sites. Clientless SSL VPN uses
SSL and its successor, TLS1, to provide a secure connection between remote users and specific,
supported internal resources that you configure at a central site. The security appliance recognizes
connections that need to be proxied, and the HTTP server interacts with the authentication subsystem to
authenticate users.

The username webvpn configuration mode commands define access to files, URLs and TCP applications
over clientless SSL VPN sessions. They also identify ACLs and types of traffic to filter. Clientless SSL
VPN is disabled by default. These webvpn commands apply only to the username from which you
configure them. Notice that the prompt changes, indicating that you are now in username webvpn
configuration mode.

hostname(config-username)# webvpn
hostname(config-username-webvpn)#

To remove all commands entered in username webvpn configuration mode, use the no form of this
command:

hostname(config-username)# no webvpn
hostname(config-username)#

You do not need to configure clientless SSL VPN to use e-mail proxies.

The security appliance does not support the Microsoft Outlook Exchange (MAPI) proxy. Neither port
forwarding nor the smart tunnel feature that provides application access through a clientless SSL VPN
session supports MAPI. For Microsoft Outlook Exchange communication using the MAPI protocol,
remote users must use AnyConnect.

Note: The webvpn mode that you enter from global configuration mode lets you configure global settings for
clientless SSL VPN sessions. The username webvpn configuration mode described in this section, which
you enter from username mode, lets you customize the configuration of specific users specifically for
clientless SSL VPN sessions.

In username webvpn configuration mode, you can customize the following parameters, each of which is
described in the subsequent steps:
customizations
deny message
html-content-filter
homepage
filter
url-list

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03
Configuring User Attributes, page 30-79
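
Because the username webvpn commands apply only to the username from which they are configured, per-user settings are easy to lose track of during a review. The following is an added example, not part of the Cisco guide: a small audit script that lists which usernames carry their own webvpn block in a saved configuration. The sample configuration, its names and values, the one-space-per-submode indentation, and the treatment of a `none` value as worth reviewing are all assumptions.

```python
import re

# Constructed sample (not from the guide). Assumed layout: saved configuration
# text with one space of indent per configuration submode.
SAMPLE_CONFIG = """\
username anyuser attributes
 password-storage enable
username alice attributes
 vpn-group-policy Contractors
 webvpn
  filter value WEBVPN_ACL
  html-content-filter java scripts
  homepage value https://intranet.example.com/
username bob attributes
 webvpn
  filter none
  url-list value ContractorLinks
group-policy Contractors attributes
 webvpn
  homepage none
"""

def per_user_webvpn(config_text):
    """Map each username to the commands set in its username webvpn mode."""
    users, user, in_webvpn = {}, None, False
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:
            # Any top-level line closes the previous block; only
            # "username <name> attributes" opens one we care about.
            m = re.match(r"username (\S+) attributes$", line)
            user, in_webvpn = (m.group(1) if m else None), False
        elif user and indent == 1:
            in_webvpn = words == ["webvpn"]
            if in_webvpn:
                users.setdefault(user, [])
        elif user and in_webvpn and indent >= 2:
            users[user].append(" ".join(words))
    return users

def explicit_none(users):
    """Return (user, command) pairs whose per-user value is 'none' (assumed review item)."""
    return [(u, c) for u, cmds in sorted(users.items())
            for c in cmds if c.split()[-1] == "none"]

if __name__ == "__main__":
    print(explicit_none(per_user_webvpn(SAMPLE_CONFIG)))
```

The group-policy block in the sample is skipped on purpose: only settings entered from username mode are reported.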


This manual is also suitable for: ASA 5500 series
