Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Detailed Steps

Configuring and Applying a Smart Tunnel Tunnel Policy

Like the split tunnel configuration in SSL VPN client, the smart tunnel tunnel policy is a per
group-policy/username configuration. Each group policy/username references a globally configured list
of networks:

Detailed Steps

Step 1   Command: webvpn
         Purpose: Switches to webvpn configuration mode.

Step 2   Command: [no] smart-tunnel network <network name> ip <ip> <netmask>
         Purpose: Creates a list of hosts to use for configuring smart tunnel policies. <network name> is the name to apply to the tunnel policy. <ip> is the IP address of the network. <netmask> is the netmask of the network.

Step 3   Command: [no] smart-tunnel network <network name> host <host mask>
         Purpose: Establishes the hostname mask, such as *.cisco.com.

Step 4   Command: [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
         OR
         [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
         Purpose: Applies smart tunnel policies to a particular group or user policy. <network name> is a list of networks to be tunneled. tunnelall makes everything tunneled (encrypted). tunnelspecified tunnels only networks specified by network name. excludespecified tunnels only networks that are outside of the networks specified by network name.

Step 1   Command: webvpn
         Purpose: Switches to webvpn configuration mode.

Step 2   Command: config-group-webvpn
         Purpose: Switches to config-group-webvpn configuration mode.

Step 3   Command: [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
         OR
         [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
         Purpose: References a globally configured list of networks. <network name> is a list of networks to be tunneled. tunnelall makes everything tunneled (encrypted). tunnelspecified tunnels only networks specified by network name. excludespecified tunnels only networks that are outside of the networks specified by network name.
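
The three tunnel-policy keywords described above, modelled as a destination check for reviewing which traffic a given policy leaves outside the tunnel. This is an added example, not code from the Cisco guide: the class and function names, the "inventory" list and its addresses are constructed, and shell-style host-mask matching without DNS resolution is an assumption about behaviour the page does not specify.

```python
import ipaddress
from fnmatch import fnmatchcase

class SmartTunnelNetwork:
    """One named list, as built by 'smart-tunnel network <network name> ...'."""

    def __init__(self, name):
        self.name = name
        self.nets = []        # entries from: ... ip <ip> <netmask>
        self.host_masks = []  # entries from: ... host <host mask>

    def add_ip(self, ip, netmask):
        self.nets.append(ipaddress.ip_network(f"{ip}/{netmask}", strict=False))

    def add_host(self, mask):
        self.host_masks.append(mask.lower())

    def matches(self, dest):
        try:
            addr = ipaddress.ip_address(dest)
        except ValueError:
            # Not an IP literal: treat as a hostname. Shell-style wildcard
            # matching is an assumption; no DNS resolution is modelled.
            return any(fnmatchcase(dest.lower(), m) for m in self.host_masks)
        return any(addr in net for net in self.nets)

def is_tunneled(policy, dest, network=None):
    """Return True if traffic to dest goes through the smart tunnel."""
    if policy == "tunnelall":
        return True
    if policy not in ("tunnelspecified", "excludespecified"):
        raise ValueError(f"unknown tunnel-policy keyword: {policy}")
    if network is None:
        raise ValueError(f"{policy} requires a <network name> list")
    listed = network.matches(dest)
    # tunnelspecified: only listed networks; excludespecified: only the rest.
    return listed if policy == "tunnelspecified" else not listed

def untunneled(policy, network, dests):
    """Audit helper: destinations that would bypass the tunnel."""
    return [d for d in dests if not is_tunneled(policy, d, network)]

# Constructed sample list and destinations (not from the manual).
INVENTORY = SmartTunnelNetwork("inventory")
INVENTORY.add_ip("10.5.2.0", "255.255.255.0")
INVENTORY.add_host("*.example.com")
SAMPLE_DESTS = ["10.5.2.17", "203.0.113.9", "app.example.com", "example.org"]

if __name__ == "__main__":
    for policy in ("tunnelall", "tunnelspecified", "excludespecified"):
        print(policy, "->", untunneled(policy, INVENTORY, SAMPLE_DESTS))
```

Running the same destination list under tunnelspecified and excludespecified shows that the two keywords produce complementary results for one network list, which is the point to check before applying a policy to a group or user.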