Adding Applications To Be Eligible For Smart Tunnel Access - Cisco PIX 500 Series Configuration Manual


Configuring Application Access

Adding Applications to Be Eligible for Smart Tunnel Access

The clientless SSL VPN configuration of each security appliance supports smart tunnel lists, each of
which consists of one or more applications eligible for smart tunnel access. Because each group policy
or username supports only one smart tunnel list, you must group each set of applications to be supported
into a smart tunnel list.
To add an entry to a list of applications that can use a clientless SSL VPN session to connect to private
sites, enter the following command in webvpn configuration mode:
smart-tunnel list list application path [hash]
To remove an application from a list, use the no form of the command, specifying both the list and the
name of the application.
no smart-tunnel list list application
To remove an entire list of applications from the security appliance configuration, use the no form of the
command, specifying only the list.
no smart-tunnel list list
Cisco Security Appliance Command Line Configuration Guide
list is the name for a list of applications or programs. Use quotation marks around the name if it
includes a space. The string can be up to 64 characters. The CLI creates the list if it is not present
in the configuration. Otherwise, it adds the entry to the list.
Note: To view the smart tunnel list entries in the SSL VPN configuration, enter the
show running-config webvpn command in privileged EXEC mode.
application is a string that serves as a unique index to each entry in the smart tunnel list. It typically
names the application to be granted smart tunnel access. To support multiple versions of an
application for which you choose to specify different paths or hash values, you can use this attribute
to differentiate entries, specifying both the name and version of the application supported by each
list entry. The string can be up to 64 characters. To change an entry already present in a smart tunnel
list, enter the name of the entry to be changed.
path is either the filename and extension of the application, or a path to the application that
includes its filename and extension. The string can be up to 128 characters. SSL VPN requires an exact match
of this value to the right side of the application path on the remote host to qualify the application for
smart tunnel access. If you specify only the filename and extension, SSL VPN does not enforce a
location restriction on the remote host to qualify the application for smart tunnel access.
If you specify a path and the user installed the application in another location, that application does
not qualify. The application can reside on any path as long as the right side of the string matches the
value you enter.
To authorize an application for smart tunnel access if it is present on one of several paths on the
remote host, either specify only the name and extension of the application when you enter the path
value, or enter the smart-tunnel list command once for each path, entering the same list string but
specifying a unique application string and path value in each command.
Note: A sudden problem with smart tunnel access may be an indication that a path value is not
up-to-date with an application upgrade. For example, the default path to an application
typically changes following the acquisition of the company that produces the application and
the next upgrade.
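
The following Python sketch is an added example, not part of the Cisco guide. It parses smart-tunnel list lines, models the right-side path match described above as a literal suffix comparison, and flags entries that carry no location restriction. The sample lines, list name, application strings and paths are constructed, and quoting a path that contains spaces is an assumption.

```python
import re

LIMITS = {"list": 64, "application": 64, "path": 128}  # lengths stated in the guide

def parse_entries(config_text):
    """Return one dict per 'smart-tunnel list' line found in the text."""
    entries = []
    for line in config_text.splitlines():
        # Quoted strings stay together; quoting a path is an assumption here.
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tokens[:2] != ["smart-tunnel", "list"] or len(tokens) < 5:
            continue
        entries.append({"list": tokens[2], "application": tokens[3],
                        "path": tokens[4],
                        "hash": tokens[5] if len(tokens) > 5 else None})
    return entries

def qualifies(entry_path, remote_path):
    """Literal reading of the rule: the configured value must exactly match
    the right side of the application's path on the remote host."""
    return remote_path.endswith(entry_path)

def audit(entries):
    """Return (list, application, finding) tuples for entries worth review."""
    findings, seen = [], set()
    for e in entries:
        key = (e["list"], e["application"])
        for field, limit in LIMITS.items():
            if len(e[field]) > limit:
                findings.append(key + (f"{field} longer than {limit} characters",))
        if key in seen:
            # Re-entering an existing application string changes that entry.
            findings.append(key + ("application string reused in this list",))
        seen.add(key)
        if "\\" not in e["path"] and "/" not in e["path"]:
            findings.append(key + ("filename only: no location restriction",))
    return findings

# Constructed sample lines in the command syntax shown above.
SAMPLE = r'''
webvpn
 smart-tunnel list "Eng Apps" editor-v1 "C:\Program Files\Editor\editor.exe"
 smart-tunnel list "Eng Apps" editor-v2 "C:\Program Files\Editor2\editor.exe"
 smart-tunnel list "Eng Apps" terminal term.exe
'''

if __name__ == "__main__":
    for finding in audit(parse_entries(SAMPLE)):
        print(finding)
```
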
Chapter 37
Configuring Clientless SSL VPN
OL-12172-03
