Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Following the configuration of the smart tunnel auto sign-on server list, you must assign it to a group
policy or a local user policy for it to become active, as described in the next section.

Adding or Editing a Smart Tunnel Auto Sign-on Server Entry

This section describes how to list the servers for which to provide auto sign-on in smart tunnel
connections and assign the lists to group policies or usernames.

Prerequisites

You must use the smart-tunnel auto-signon list command to create a list of servers first. You can assign
only one list to a group policy or username.

Restrictions

The smart-tunnel auto sign-on feature supports only applications communicating HTTP and HTTPS
using the Microsoft WININET library. For example, Microsoft Internet Explorer uses the WININET
dynamic linked library to communicate with web servers.

Firefox requires the administrator to specify hosts using an exact host name or IP address (instead
of a host mask with wild cards, a subnet using IP addresses, or a netmask). For example, within
Firefox, you cannot enter *.cisco.com and expect auto sign-on to host email.cisco.com.
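An added example, not part of the Cisco guide: a Python check that scans a configuration excerpt for auto sign-on server entries that fall under the Firefox restriction above (wildcard host masks, subnets). The entry syntax (list name followed by "ip address [netmask]" or "host hostname-mask"), the wildcard characters checked, the list name HR and the sample hosts are assumptions; the configuration text is constructed.

```python
import ipaddress
import re

# Constructed sample. The entry syntax (list name, optional keywords, then
# "ip <addr> [netmask]" or "host <hostname-mask>") is an assumption, not from this page.
SAMPLE_CONFIG = """\
webvpn
 smart-tunnel auto-signon HR host *.cisco.com
 smart-tunnel auto-signon HR host email.cisco.com
 smart-tunnel auto-signon HR ip 192.0.2.10
 smart-tunnel auto-signon HR ip 192.0.2.0 255.255.255.0
 smart-tunnel auto-signon HR use-domain host intranet.example.com
"""

ENTRY = re.compile(r"^\s*smart-tunnel auto-signon (?P<list>\S+) (?P<rest>.*\b(?:ip|host)\b.+)$")

def classify(rest):
    """Return (kind, target, exact) for the arguments of one server entry."""
    tokens = rest.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok == "host":
            mask = tokens[i + 1]
            # Assumed wildcard characters in a host mask: * ? [ ]
            return "host", mask, not any(c in mask for c in "*?[]")
        if tok == "ip":
            ipaddress.ip_address(tokens[i + 1])  # ValueError on a malformed address
            netmask = tokens[i + 2] if i + 2 < len(tokens) else None
            target = tokens[i + 1] + (f" {netmask}" if netmask else "")
            return "ip", target, netmask in (None, "255.255.255.255")
    raise ValueError(f"no ip/host target in: {rest!r}")

def audit(config_text):
    """Return (list_name, kind, target, exact) for each auto sign-on server entry."""
    results = []
    for line in config_text.splitlines():
        m = ENTRY.match(line)
        if m:
            results.append((m.group("list"),) + classify(m.group("rest")))
    return results

def firefox_incompatible(config_text):
    """Entries using a wildcard mask or a subnet, which Firefox will not match."""
    return [(name, target) for name, _kind, target, exact in audit(config_text) if not exact]

if __name__ == "__main__":
    for name, target in firefox_incompatible(SAMPLE_CONFIG):
        print(f"list {name}: '{target}' needs an exact host name or IP address for Firefox")
```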

Detailed Steps

To enable smart tunnel auto sign-on in clientless (browser-based) SSL VPN sessions, use the following
commands:

        Command                            Purpose

Step 1  webvpn                             Switches to webvpn configuration mode.

Step 2  group-policy webvpn                Switches to group-policy webvpn configuration mode.
        or
        username webvpn                    Switches to username webvpn configuration mode.

Step 3  smart-tunnel auto-signon enable    Enables smart tunnel auto sign-on in clientless SSL VPN sessions.
