beautypg.com

Cisco ASA 5505 User Manual

Page 1621

background image

74-35

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

Populates the drop-down menu next to the URL attributes in ASDM.

Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an
option to the drop-down menu next to the Address field of the portal page.

Table 74-4

shows the changes to the main menu and address field of the portal page when you add the

plug-ins described in the following sections.

When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the
portal page displays a window to the interface and displays a help pane. The user can select the protocol
displayed in the drop-down menu and enter the URL in the Address field to establish a connection.

Some Java plug-ins may report a status of connected or online even when a session to the destination
service is not set up. The open-source plug-in reports the status, not the ASA.

The plug-ins support single sign-on (SSO). Refer to the

“Configuring SSO with the HTTP Form

Protocol” section on page 74-20

for implementation details.

The minimum access rights required for remote use belong to the guest privilege mode.

Prerequisites

Clientless SSL VPN must be enabled on the ASA to provide remote access to the plug-ins.

To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a
link to the server, and specify SSO support when adding the bookmark.

The minimum access rights required for remote use belong to the guest privilege mode.

Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be
enabled on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.

Restrictions

The plug-ins do not work if the security appliance configures the clientless session to use a proxy
server.

Note

The remote desktop protocol plug-in does not support load balancing with a session broker.
Because of the way the protocol handles the redirect from the session broker, the connection
fails. If a session broker is not used, the plug-in works.

Table 74-4

Effects of Plug-ins on the Clientless SSL VPN Portal Page

Plug-in

Main Menu Option Added to Portal Page

Address Field Option Added to Portal Page

ica

Citrix Client

ica://

rdp

Terminal Servers

rdp://

rdp2

Terminal Servers Vista

rdp2://

ssh,telnet SSH

ssh://

Telnet

telnet://

vnc

VNC Client

vnc://

This manual is related to the following products:
See also other documents in the category Cisco Hardware: