Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Prerequisites for Clientless SSL VPN
See the Supported VPN Platforms, Cisco ASA 5500 Series for the platforms and browsers supported by
ASA Release 8.4.
Guidelines and Limitations
This section includes the guidelines and limitations of this feature.
ActiveX pages require that you enable ActiveX Relay or enter activex-relay on the associated group
policy. If you do so or assign a smart tunnel list to the policy, and the browser proxy exception list on
the endpoint specifies a proxy, the user must add a “shutdown.webvpn.relay.” entry to that list.
The ASA supports clientless access to Lotus iNotes 8.5.
The ASA does not support clientless access to Windows Shares (CIFS) Web Folders from Windows 7,
Vista, Internet Explorer 8, Mac OS, and Linux. Windows XP SP2 requires a Microsoft hotfix to support
Web Folders.
The ASA does not support the following features for clientless SSL VPN connections:
Model / License Requirement (see notes 1 and 2)

ASA 5555-X
    AnyConnect Premium license:
    Base License: 2 sessions.
    Optional permanent or time-based licenses: 10, 25, 50, 100, 250, 500, 750, 1000, 2500, or 5000 sessions.
    Optional Shared licenses (see note 3): Participant or Server. For the Server license, 500-50,000 in increments of 500 and 50,000-545,000 in increments of 1000.

ASA 5585-X with SSP-10
    AnyConnect Premium license:
    Base License: 2 sessions.
    Optional permanent or time-based licenses: 10, 25, 50, 100, 250, 500, 750, 1000, 2500, or 5000 sessions.
    Optional Shared licenses (see note 3): Participant or Server. For the Server license, 500-50,000 in increments of 500 and 50,000-545,000 in increments of 1000.

ASA 5585-X with SSP-20, -40, and -60
    AnyConnect Premium license:
    Base License: 2 sessions.
    Optional permanent or time-based licenses: 10, 25, 50, 100, 250, 500, 750, 1000, 2500, 5000, or 10000 sessions.
    Optional Shared licenses (see note 3): Participant or Server. For the Server license, 500-50,000 in increments of 500 and 50,000-545,000 in increments of 1000.

1. If you start a clientless SSL VPN session and then start an AnyConnect client session from the portal, 1 session is used in total. However, if you start the AnyConnect client first (from a standalone client, for example) and then log into the clientless SSL VPN portal, then 2 sessions are used.
2. The maximum combined VPN sessions of all types cannot exceed the maximum sessions shown in this table.
3. A shared license lets the ASA act as a shared license server for multiple client ASAs. The shared license pool is large, but the maximum number of sessions used by each individual ASA cannot exceed the maximum number listed for permanent licenses.