Cisco PIX 500 Series Configuration Manual page 699

Chapter 30 Configuring Connection Profiles, Group Policies, and Users
Clientless SSL VPN does not use ACLs defined in the vpn-filter command.
Note
The following example shows how to set a filter that invokes an access list named acl_in for the user
named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# filter acl_in
hostname(config-username-webvpn)#
Applying a URL List
You can specify a list of URLs to appear on the home page for a user who has established a clientless
SSL VPN session. First, you must create one or more named lists by entering the url-list command in
global configuration mode. To apply a list of servers and URLs to a particular user of clientless SSL
VPN, enter the url-list command in username webvpn configuration mode.
To remove a list, including a null value created by using the url-list none command, enter the no form
of this command. The no option allows inheritance of a value from the group policy. To prevent
inheriting a url list, enter the url-list none command.
hostname(config-username-webvpn)# url-list { listname displayname url | none}
hostname(config-username-webvpn)# no url-list
The keywords and variables used in this command are as follows:
•
•
•
•
There is no default URL list.
Using the command a second time overrides the previous setting.
The following example shows how to set a URL list called AnyuserURLs for the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# url-list value AnyuserURLs
hostname(config-username-webvpn)#
Enabling ActiveX Relay for a User
ActiveX Relay lets a user who has established a Clientless SSL VPN session use the browser to launch
Microsoft Office applications. The applications use the session to download and upload Microsoft Office
documents. The ActiveX relay remains in force until the Clientless SSL VPN session closes.
To enable or disable ActiveX controls on Clientless SSL VPN sessions, enter the following command in
username webvpn configuration mode:
activex-relay {enable | disable}
To inherit the activex-relay command from the group policy, enter the following command:
OL-12172-03
displayname—Specifies a name for the URL. This name appears on the portal page in the clientless
SSL VPN session.
listname—Identifies a name by which to group URLs.
none—Indicates that there is no list of URLs. Sets a null value, thereby disallowing a URL list.
Prevents inheriting URL list values.
url—Specifies a URL that users of clientless SSL VPN can access.
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
30-83