Using e-mail over clientless ssl vpn, Configuring e-mail proxies – Cisco ASA 5505 User Manual

74-79

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Using E-Mail over Clientless SSL VPN

Using E-Mail over Clientless SSL VPN

Clientless SSL VPN supports several ways to access e-mail. This section includes the following
methods:

•

Configuring E-mail Proxies

•

Configuring Web E-mail: MS Outlook Web App

Configuring E-mail Proxies

Clientless SSL VPN supports IMAP4S, POP3S, and SMTPS e-mail proxies. The following attributes
apply globally to e-mail proxy users.

Restrictions

E-mail clients such as MS Outlook, MS Outlook Express, and Eudora lack the ability to access the
certificate store.

Detailed Steps

Command

Purpose

Step 1

accounting-server-group

Specifies the previously configured accounting
servers to use with e-mail proxy.

Step 2

authentication

Specifies the authentication method(s) for e-mail
proxy users. The default values are as follows:

•

IMAP4S: Mailhost (required)

•

POP3S Mailhost (required)

•

SMTPS: AAA

Step 3

authentication-server-group

Specifies the previously configured authentication
servers to use with e-mail proxy. The default is
LOCAL.

Step 4

authorization-server-group

Specifies the previously configured authorization
servers to use with clientless SSL VPN.

Step 5

authorization-required

Requires users to authorize successfully to connect.
The default is Disabled.

Step 6

authorization-dn-attributes

Identifies the DN of the peer certificate to use as a
username for authorization. The defaults are as
follows:

•

Primary attribute: CN

•

Secondary attribute: OU

Step 7

default-group-policy

Specifies the name of the group policy to use. The
default is DfltGrpPolicy.

Step 8

enable

Enables e-mail proxy on the specified interface. The
default is disabled.