67-75
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter67 Configuring Connection Profiles, Group Policies, and Users
Supporting a Zone Labs Integrity Server
The following example sets a URL list called FirstGroupURLs for the group policy named FirstGroup
and specifies that this should be the first URL list displayed on the homepage:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# url-list value FirstGroupURLs 1
hostname(config-group-webvpn)#
Enabling ActiveX Relay for a Group Policy
ActiveX Relay lets a user who has established a Clientless SSL VPN session use the browser to launch
Microsoft Office applications. The applications use the session to download and upload Microsoft Office
documents. The ActiveX relay remains in force until the Clientless SSL VPN session closes.
To enable or disable ActiveX controls on Clientless SSL VPN sessions, enter the following command in
group-policy webvpn configuration mode:
activex-relay {enable | disable}
To inherit the activex-relay command from the default group policy, enter the following command:
no activex-relay
The following commands enable ActiveX controls on clientless SSL VPN sessions associated with a
given group policy:
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# activex-relay enable
hostname(config-group-webvpn)
Enabling Application Access on Clientless SSL VPN Sessions for a Group Policy
To enable application access for this group policy, enter the port-forward command in group-policy
webvpn configuration mode. Port forwarding is disabled by default.
Before you can enter the port-forward command in group-policy webvpn configuration mode to enable
application access, you must define a list of applications that you want users to be able to use in a
clientless SSL VPN session. Enter the port-forward command in global configuration mode to define
this list.
To remove the port forwarding attribute from the group-policy configuration, including a null value
created by issuing the port-forward none command, enter the no form of this command. The no option
allows inheritance of a list from another group policy. To prevent inheriting a port forwarding list, enter
the port-forward command with the none keyword. The none keyword indicates that there is no
filtering. It sets a null value, thereby disallowing a filtering, and prevents inheriting filtering values.
The syntax of the command is as follows:
hostname(config-group-webvpn)# port-forward {value listname | none}
hostname(config-group-webvpn)# no port-forward
none Sets a null value for url lists. Prevents inheriting a list from a default or
specified group policy.
value name Specifies the name of a previously configured list of urls. To configure such
a list, use the url-list command in global configuration mode.
Table67-7 url-list Command Keywords and Variables