Cisco FirePOWER ASA 5500 series Configuration Manual page 618

Security appliance command line

Group Policies
Note: You must have filter selected in the functions command. WebVPN does not use ACLs defined in the
vpn-filter command.
The following example shows how to set a filter that invokes an access list named acl_in for the group
policy named FirstGroup:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# filter acl_in
hostname(config-group-webvpn)#
Applying a URL List
You can specify a list of URLs to appear on the WebVPN home page for a group policy. First, you must
create one or more named lists by entering the url-list command in global configuration mode. Then, to
apply a list of WebVPN servers and URLs to a particular group policy, enter the url-list command in
group-policy webvpn configuration mode with the name of the list or lists you created. There is no
default URL list.
To remove a list, including a null value created by using the url-list none command, use the no form of
this command. The no option allows inheritance of a value from another group policy. To prevent
inheriting a URL list, use the url-list none command. Using the command a second time overrides the
previous setting:
hostname(config-group-webvpn)# url-list {value name | none} [index]
hostname(config-group-webvpn)# no url-list
Table 30-5 shows the url-list command parameters and their meanings.
Table 30-5  url-list Command Keywords and Variables
Parameter    Meaning
index        Indicates the display priority on the home page.
none         Sets a null value for URL lists. Prevents inheriting a list from a default or
             specified group policy.
value name   Specifies the name of a previously configured list of URLs. To configure such
             a list, use the url-list command in global configuration mode.
The following example sets a URL list called FirstGroupURLs for the group policy named FirstGroup
and specifies that this should be the first URL list displayed on the homepage:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# url-list value FirstGroupURLs 1
hostname(config-group-webvpn)#
Enabling WebVPN Application Access for a Group Policy
To enable WebVPN application access for this group policy, enter the port-forward command in
group-policy webvpn configuration mode. Port forwarding is disabled by default.
Before you can enter the port-forward command in group-policy webvpn configuration mode to enable
application access, you must define a list of applications that you want users to be able to use in a
WebVPN connection. Enter the port-forward command in global configuration mode to define this list.
Cisco Security Appliance Command Line Configuration Guide, page 30-64
Chapter 30: Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01
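The url-list rules described above (a later command overrides an earlier one, no url-list restores inheritance, url-list none blocks it) can be checked offline against a saved configuration. The script below is an added example, not part of the Cisco guide. It assumes the saved-configuration layout shown in its sample, a single parent policy supplied by the caller, and hypothetical names for everything except FirstGroup and FirstGroupURLs.

```python
import re
# Constructed sample in saved-configuration layout (an assumption; not from a
# real device). DefaultPolicy, SecondGroup and ThirdGroup are hypothetical.
SAMPLE_CONFIG = """\
group-policy DefaultPolicy attributes
 webvpn
  url-list value CorpURLs 1
group-policy FirstGroup attributes
 webvpn
  url-list value OldURLs 2
  url-list value FirstGroupURLs 1
group-policy SecondGroup attributes
 webvpn
  url-list none
group-policy ThirdGroup attributes
 webvpn
  url-list value TempURLs
  no url-list
"""

POLICY = re.compile(r"^group-policy (\S+) attributes$")
URL_LIST = re.compile(r"^(no )?url-list(?: (none)| value (\S+)(?: (\d+))?)?$")
def parse_url_lists(config):
    """Map policy -> None (inherit), "none" (null value) or (name, index)."""
    policies, current, in_webvpn = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line starts a new context
            m = POLICY.match(line)
            current, in_webvpn = (m.group(1) if m else None), False
            if current:
                policies.setdefault(current, None)
        elif current and line == "webvpn":
            in_webvpn = True
        elif current and in_webvpn and (m := URL_LIST.match(line)):
            if m.group(1):                   # "no url-list": inherit again
                policies[current] = None
            elif m.group(2):                 # "url-list none": blocks inheritance
                policies[current] = "none"
            elif m.group(3):                 # a later command overrides an earlier one
                policies[current] = (m.group(3), m.group(4) and int(m.group(4)))
    return policies

def effective_url_list(policies, name, parent):
    """Resolve the list a policy ends up with; parent is the policy it inherits from."""
    setting = policies.get(name)
    if setting is None and name != parent:
        setting = policies.get(parent)
    return None if setting in (None, "none") else setting
```

A policy that resolves to the parent's list when a restricted home page was intended is the case to look for: it needs url-list none or its own url-list value entry.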
