Preparing The Security Appliance For A Plug-In; Providing Access To Plug-Ins Redistributed By Cisco - Cisco PIX 500 Series Configuration Manual

Chapter 37 Configuring Clientless SSL VPN

Preparing the Security Appliance for a Plug-in

Before installing a plug-in, prepare the security appliance as follows:
Step 1 Make sure clientless SSL VPN ("webvpn") is enabled on a security appliance interface. To do so, enter
the show running-config command.
Step 2 Install an SSL certificate onto the security appliance interface to which remote users use a fully-qualified
domain name (FQDN) to connect.
Note
Go to the section that identifies the type of plug-in you want to provide for clientless SSL VPN access.
•
•

Providing Access to Plug-ins Redistributed By Cisco

Cisco redistributes the following open-source, Java-based components to be accessed as plug-ins for web
browsers in clientless SSL VPN sessions:
•
•
•
Before installing a plug-in:
•
OL-12172-03
Do not specify an IP address as the common name (CN) for the SSL certificate. The remote user
attempts to use the FQDN to communicate with the security appliance. The remote PC must be
able to use DNS or an entry in the System32\drivers\etc\hosts file to resolve the FQDN.
Providing Access to Plug-ins Redistributed By Cisco, page 37-25
Providing Access to Plug-ins Not Redistributed By Cisco—Example: Citrix Java Presentation
Server Client Plug-in, page 37-27
rdp-plugin.jar—The Remote Desktop Protocol plug-in lets the remote user connect to a computer
running Microsoft Terminal Services. Cisco redistributes this plug-in without any changes to it per
the GNU General Public License. The web site containing the source of the redistributed plug-in is
http://properjavardp.sourceforge.net/.
ssh-plugin.jar—The Secure Shell-Telnet plug-in lets the remote user establish a Secure Shell or
Telnet connection to a remote computer. Cisco redistributes this plug-in without any changes to it
per the GNU General Public License. The web site containing the source of the redistributed plug-in
is http://javassh.org/.
Note The ssh-plugin.jar provides support for both SSH and Telnet protocols. The SSH client
supports SSH Version 1.0.
vnc-plugin.jar—The Virtual Network Computing plug-in lets the remote user use a monitor,
keyboard, and mouse to view and control a computer with remote desktop sharing turned on. Cisco
redistributes this plug-in without any changes to it per the GNU General Public License. The web
site containing the source of the redistributed plug-in is http://www.tightvnc.com/.
Make sure clientless SSL VPN ("webvpn") is enabled on an interface on the security appliance. To
do so, enter the show running-config command.
Configuring Browser Access to Client-Server Plug-ins
Cisco Security Appliance Command Line Configuration Guide
37-25