Cisco FirePOWER ASA 5500 series Configuration Manual page 635
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
The following example shows how to set a filter that invokes an access list named acl_in for the user
named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# filter acl_in
hostname(config-username-webvpn)#
Applying a URL List
You can specify a list of URLs to appear on the WebVPN home page for a user. First, you must create
one or more named lists by entering the url-list command in global configuration mode. To apply a list
of WebVPN servers and URLs to a particular user, enter the url-list command in username webvpn
configuration mode.
To remove a list, including a null value created by using the url-list none command, enter the no form
of this command. The no option allows inheritance of a value from the group policy. To prevent
inheriting a url list, enter the url-list none command.
hostname(config-username-webvpn)# url-list {listname displayname url | none}
hostname(config-username-webvpn)# no url-list
The keywords and variables used in this command are as follows:
•
•
•
•
There is no default URL list.
Using the command a second time overrides the previous setting.
The following example shows how to set a URL list called AnyuserURLs for the user named anyuser:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# url-list value AnyuserURLs
hostname(config-username-webvpn)#
Enabling WebVPN Application Access
To enable WebVPN application access for this user, enter the port-forward command in username
webvpn configuration mode. Port forwarding is disabled by default.
To remove the port forwarding attribute from the configuration, including a null value created by issuing
the port-forward none command, enter the no form of this command. The no option allows inheritance
of a list from the group policy. To disallow filtering and prevent inheriting a port forwarding list, enter
the port-forward command with the none keyword.
hostname(config-username-webvpn)# port-forward {value listname | none}
hostname(config-username-webvpn)# no port-forward
hostname(config-username-webvpn)#
The listname string following the keyword value identifies the list of applications WebVPN users can
access. Enter the port-forward command in configuration mode to define the list.
OL-10088-01
displayname—Specifies a name for the URL. This name appears on the WebVPN end user interface.
listname—Identifies a name by which to group URLs.
none—Indicates that there is no list of URLs. Sets a null value, thereby disallowing a URL list.
Prevents inheriting URL list values.
url—Specifies a URL that WebVPN users can access.
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
30-81
Advertisement
Table of Contents
Troubleshooting
