Configuring Content Transformation; Configuring A Certificate For Signing Rewritten Java Content; Disabling Content Rewrite - Cisco PIX 500 Series Configuration Manual

Optimizing Clientless SSL VPN Performance

Configuring Content Transformation

By default, the security appliance processes all Clientless SSL VPN traffic through a content
transformation/rewriting engine. The engine handles advanced elements such as JavaScript and Java so
that it can proxy HTTP traffic whose semantics and access control rules may differ depending on whether
the user reaches an application through the SSL VPN device or independently of it.
Some web resources require highly individualized treatment. The following sections describe
functionality that provides such treatment:
- Configuring a Certificate for Signing Rewritten Java Content
- Disabling Content Rewrite
- Using Proxy Bypass
- Configuring Application Profile Customization Framework
Subject to the requirements of your organization and the web content involved, you might use one of
these features.

Configuring a Certificate for Signing Rewritten Java Content

Java objects that have been transformed by Clientless SSL VPN can subsequently be signed using a
PKCS12 digital certificate associated with a trustpoint. You import and employ the certificate using a
combination of the crypto ca import and java-trustpoint commands.
The following example commands show the creation of a trustpoint named mytrustpoint and its
assignment to signing Java objects (the java-trustpoint command is entered in webvpn configuration mode):
hostname(config)# crypto ca import mytrustpoint pkcs12 mypassphrase
Enter the base 64 encoded PKCS12.
End with the word "quit" on a line by itself.
[ PKCS12 data omitted ]
quit
INFO: Import PKCS12 operation completed successfully.
hostname(config)# webvpn
hostname(config-webvpn)# java-trustpoint mytrustpoint

Disabling Content Rewrite

You might not want some applications and web resources, for example, public websites, to go through
the security appliance. The security appliance therefore lets you create rewrite rules that let users browse
certain sites and applications without going through the security appliance. This is similar to
split-tunneling in an IPSec VPN connection.
Use the rewrite command with the disable option in webvpn mode to specify applications and resources
to access outside a Clientless SSL VPN tunnel.
You can use the rewrite command multiple times. The order number of each rule is important because the
security appliance searches rewrite rules by order number, starting with the lowest, and applies the first
rule that matches; later rules are not consulted for that resource.
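As an added illustration (not code from the manual or from Cisco), the following Python script models the first-match evaluation described above: rules are tried from the lowest order number upward and the first matching resource mask decides whether a resource is rewritten or bypasses the appliance. The wildcard-matching details (host-only versus full-URL comparison, shell-style wildcards), the hostnames and the order numbers are assumptions, and the exact CLI syntax of the rewrite command is not reproduced; the script also flags the ordering caveat worth checking in a real rule set, a broad disable rule whose low order number shadows a narrower enable rule, so a resource meant to stay proxied bypasses the appliance.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

@dataclass(frozen=True)
class RewriteRule:
    order: int          # the appliance searches rules from the lowest order number upward
    action: str         # "enable" = rewrite through the appliance, "disable" = bypass it
    resource_mask: str  # wildcard mask for the resource, e.g. "*.example.com"

def mask_matches(mask: str, url: str) -> bool:
    """Assumed matching semantics (a simplified model, not the appliance's matcher):
    a mask without '/' is compared with the URL's host only, any other mask with the
    whole URL; wildcards are shell-style and the comparison ignores case."""
    host = urlsplit(url).hostname or ""
    target = host if "/" not in mask else url
    return fnmatchcase(target.lower(), mask.lower())

def rewrite_decision(rules, url, default="enable"):
    """First-match evaluation as the text describes: rules are tried in ascending order
    number and the first match decides; with no match the default (rewrite through the
    appliance) applies. Returns (action, winning rule or None)."""
    for rule in sorted(rules, key=lambda r: r.order):
        if mask_matches(rule.resource_mask, url):
            return rule.action, rule
    return default, None

def shadowed_rules(rules, sample_urls):
    """Rules that never win for any sample URL. A narrow rule placed behind a broad
    wildcard rule is shadowed by it and has no effect on those resources."""
    winners = {rewrite_decision(rules, u)[1] for u in sample_urls}
    return [r for r in sorted(rules, key=lambda r: r.order) if r not in winners]

# Constructed sample data (hostnames and order numbers are made up, not from the manual).
RULES = [
    RewriteRule(10, "disable", "*.example.com"),        # meant for the public web sites only
    RewriteRule(20, "enable", "intranet.example.com"),  # meant to keep the intranet proxied
    RewriteRule(30, "disable", "www.public-news.test"),
]
# Same intent, but the specific intranet rule gets the lowest order number so it is found first.
FIXED_RULES = [RewriteRule(5, "enable", "intranet.example.com"), RULES[0], RULES[2]]
SAMPLE_URLS = ["https://intranet.example.com/hr/payroll", "https://www.example.com/",
               "https://www.public-news.test/today", "https://mail.internal.test/owa"]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", rewrite_decision(RULES, url)[0], "| fixed:", rewrite_decision(FIXED_RULES, url)[0])
    print("shadowed by a broader rule:", [r.order for r in shadowed_rules(RULES, SAMPLE_URLS)])
```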
Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Chapter 37 Configuring Clientless SSL VPN, page 37-48
