Cisco Systems ASA5515K9, ASA 5500 Specifying the User Home Page, Configuring Auto-Signon

67-73

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter67 Configuring Connection Profiles, Group Policies, and Users

Supporting a Zone Labs Integrity Server

Specifying the User Home Page

Specify a URL for the web page that displays when a user in this group logs in by using the homepage

command in group-policy webvpn configuration mode. There is no default home page.

To remove a configured home page, including a null value created by issuing the homepage none

command, enter the no form of this command. The no option allows inheritance of a value from another

group policy. To prevent inheriting a home page, enter the homepage none command.

The none keyword indicates that there is no home page for clientless SSL VPN sessions. It sets a null

value, thereby disallowing a home page and prevents inheriting an home page.

The url-string variable following the keyword value provides a URL for the home page. The string must

begin with either http:// or https://.

hostname(config-group-webvpn)# homepage {value url-string | none}

hostname(config-group-webvpn)# no homepage

hostname(config-group-webvpn)#

Configuring Auto-Signon

The auto-signon command is a single sign-on method for users of clientless SSL VPN sessions. It passes

the login credentials (username and password) to internal servers for authentication using NTLM

authentication, basic authentication, or both. Multiple auto-signon commands can be entered and are

processed according to the input order (early commands take precedence).

You can use the auto-signon feature in three modes: webvpn configuration, webvpn group configuration,

or webvpn username configuration mode. The typical precedence behavior applies where username

supersedes group, and group supersedes global. The mode you choose depends upon the desired scope

of authentication.

To disable auto-signon for a particular user to a particular server, use the no form of the command with

the original specification of IP block or URI. To disable authentication to all servers, use the no form

without arguments. The no option allows inheritance of a value from the group policy.

The following example, entered in group-policy webvpn configuration mode, configures auto-signon for

the user named anyuser, using basic authentication, to servers with IP addresses ranging from 10.1.1.0

to 10.1.1.255:

The following example commands configure auto-signon for users of clientless SSL VPN sessions,

using either basic or NTLM authentication, to servers defined by the URI mask https://*.example.com/*:

hostname(config)# group-policy ExamplePolicy attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# auto-signon allow uri https://*.example.com/* auth-type all

hostname(config-group-webvpn)#

The following example commands configure auto-signon for users of clientless SSL VPN sessions,

using either basic or NTLM authentication, to the server with the IP address 10.1.1.0, using subnet mask

255.255.255.0:

hostname(config)# group-policy ExamplePolicy attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# auto-signon allow ip 10.1.1.0 255.255.255.0 auth-type all

hostname(config-group-webvpn)#