Enabling And Disabling Smart Tunnel Access; Application Access User Notes; Closing Application Access To Prevent Hosts File Errors; Recovering From Hosts File Errors When Using Application Access - Cisco PIX 500 Series Configuration Manual

Chapter 37 Configuring Clientless SSL VPN

Enabling and Disabling Smart Tunnel Access

By default, smart tunnels are disabled. If you enable smart tunnel access, the user will have to start it
manually, using the Application Access > Start Smart Tunnels button on the clientless SSL VPN portal
page. If you enter the smart-tunnel auto-start list command described in the previous section instead
of the smart-tunnel enable list command, the user will not have to start smart tunnel access manually.
To enable smart tunnel access, enter the following command in group-policy webvpn configuration
mode or username webvpn configuration mode:
smart-tunnel [enable list | disable]
list is the name of the smart tunnel list already present in the security appliance webvpn configuration.
You cannot assign more than smart tunnel list to a group policy or username. To view the smart tunnel
list entries in the SSL VPN configuration, enter the show running-config webvpn command in
privileged EXEC mode.
To remove the smart-tunnel command from the group policy or username and inherit the [no]
smart-tunnel command from the default group-policy, use the no form of the command.
no smart-tunnel
The following commands assign the smart tunnel list named apps1 to the group policy:
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# smart-tunnel enable apps1
The following command disables smart tunnel access:
hostname(config-group-webvpn)# smart-tunnel disable

Application Access User Notes

The following sections provide information about using application access:
•
•
The security appliance does not support the Microsoft Outlook Exchange (MAPI) proxy. Neither port
Note
forwarding nor the smart tunnel feature that provides application access through a clientless SSL VPN
session supports MAPI. For Microsoft Outlook Exchange communication using the MAPI protocol,
remote users must use AnyConnect.

Closing Application Access to Prevent hosts File Errors

To prevent hosts file errors that can interfere with Application Access, close the Application Access
window properly when you finish using Application Access. To do so, click the close icon.
OL-12172-03
Closing Application Access to Prevent hosts File Errors

Recovering from hosts File Errors When Using Application Access

Cisco Security Appliance Command Line Configuration Guide
Configuring Application Access
37-39