Configuring Group-Policy Webvpn Attributes - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Group Policies
Table 30-2
permit
priority
type type
version version
The following example shows how to create client access rules for the group policy named FirstGroup.
These rules permit Cisco VPN clients running software version 4.x, while denying all Windows NT
clients:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# client-access-rule 1 deny type WinNT version *
hostname(config-group-policy)# client-access-rule 2 permit "Cisco VPN Client" version 4.*
Note
Configuring Group-Policy WebVPN Attributes
WebVPN lets users establish a secure, remote-access VPN tunnel to the security appliance using a web
browser. There is no need for either a software or hardware client. WebVPN provides easy access to a
broad range of web resources and web-enabled applications from almost any computer that can reach
HTTPS Internet sites. WebVPN uses SSL and its successor, TLS1, to provide a secure connection
between remote users and specific, supported internal resources that you configure at a central site. The
security appliance recognizes connections that need to be proxied, and the HTTP server interacts with
the authentication subsystem to authenticate users. By default, WebVPN is disabled.
You can customize a WebVPN configuration for specific internal group policies.
Note
The webvpn mode that you enter from global configuration mode lets you configure global settings for
WebVPN. The webvpn mode described in this section, which you enter from group-policy configuration
mode, lets you customize a WebVPN configuration for specific group policies.
In group-policy webvpn configuration mode, you can specify whether to inherit the settings for all the
functions or customize the following parameters, each of which is described in the subsequent sections:
•
•
•
•
•
Cisco Security Appliance Command Line Configuration Guide
30-58
client-access rule Command Keywords and Variables
Permits connections for devices of a particular type and/or version.
Determines the priority of the rule. The rule with the lowest integer has the
highest priority. Therefore, the rule with the lowest integer that matches a
client type and/or version is the rule that applies. If a lower priority rule
contradicts, the security appliance ignores it.
Identifies device types via free-form strings, for example VPN 3002. A
string must match exactly its appearance in the show vpn-sessiondb
remote display, except that you can enter the * character as a wildcard.
Identifies the device version via free-form strings, for example 7.0. A string
must match exactly its appearance in the show vpn-sessiondb remote
display, except that you can enter the * character as a wildcard.
The "type" field is a free-form string that allows any value, but that value must match the fixed
value that the client sends to the security appliance at connect time.
functions
customizations
html-content-filter
homepage
filter
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
