About Installing Browser Plug-Ins - Cisco PIX 500 Series Configuration Manual

Configuring Browser Access to Client-Server Plug-ins

About Installing Browser Plug-Ins

A browser plug-in is a separate program that a web browser invokes to perform a dedicated function,
such as connect a client to a server within the browser window. The security appliance lets you import
plug-ins for download to remote browsers in clientless SSL VPN sessions. Of course, Cisco tests the
plug-ins it redistributes, and in some cases, tests the connectivity of plug-ins we cannot redistribute.
However, we do not recommend importing plug-ins that support streaming media at this time.
The security appliance does the following when you install a plug-in onto the flash device:
•
•
•
•
Table 3
Plug-in
rdp
ssh,telnet SSH
vnc
ica
When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the
portal page displays a window to the interface and displays a help pane. The user can select the protocol
displayed in the drop-down menu and enter the URL in the Address field to establish a connection.
Some Java plug-ins may report a status of connected or online even when a session to the destination
Note
service is not set up. The open-source plug-in reports the status, not the security appliance.
Before installing the first plug-in, you must follow the instructions in the next section.
Plug-in Requirements and Restrictions
Clientless SSL VPN must be enabled on the security appliance to provide remote access to the plug-ins.
The minimum access rights required for remote use belong to the guest privilege mode. The plug-ins
automatically install or update the Java version required on the remote computer.
A stateful failover does not retain sessions established using plug-ins. Users must reconnect following a
failover.
Cisco Security Appliance Command Line Configuration Guide
37-24
Note Per the GNU General Public License (GPL), Cisco redistributes plug-ins without having
made any changes to them. Per the GPL, Cisco cannot directly enhance these plug-ins.
(Cisco-distributed plug-ins only) Unpacks the jar file specified in the URL.
Writes the file to the
csco-config/97/plugin
Populates the drop-down menu next to the URL attributes in ASDM.
Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an
option to the drop-down menu next to the Address field of the portal page.
Table 3 shows the changes to the main menu and address field of the portal page when you add the
plug-ins described in the following sections.
Effects of Plug-ins on the Clientless SSL VPN Portal Page
Main Menu Option Added to Portal Page
Terminal Servers
Telnet
VNC Client
Citrix Client
Chapter 37 Configuring Clientless SSL VPN
directory on the security appliance file system.
Address Field Option Added to Portal Page
rdp://
ssh://
telnet://
vnc://
ica://
OL-12172-03