74-34
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
Configuring Browser Access to Plug-ins
The following sections describe the integration of browser plug-ins for clientless SSL VPN browser
access:
Preparing the Security Appliance for a Plug-in, page74-36
Installing Plug-ins Redistributed By Cisco, page74-36
Providing Access to Third-Party Plug-ins, page74-38
Providing Access to a Citrix Java Presentation Server, page74-40
A browser plug-in is a separate program that a web browser invokes to perform a dedicated function,
such as connect a client to a server within the browser window. The ASA lets you import plug-ins for
download to remote browsers in clientless SSL VPN sessions. Of course, Cisco tests the plug-ins it
redistributes, and in some cases, tests the connectivity of plug-ins we cannot redistribute. However, we
do not recommend importing plug-ins that support streaming media at this time.
Note Per the GNU General Public License (GPL), Cisco redistributes plug-ins without having
made any changes to them. Per the GPL, Cisco cannot directly enhance these plug-ins.
The ASA does the following when you install a plug-in onto the flash device:
(Cisco-distributed plug-ins only) Unpacks the jar file specified in the URL.
Writes the file to the csco-config/97/plugin directory on the ASA file system.
http-proxy Configures the ASA to use an external proxy server to handle HTTP requests.
Note Proxy NTLM authentication is not supported in http-proxy. Only
proxy without authentication and basic authentication are supported.
keep-alive-ignore Sets the maximum object size to ignore for updating the session timer.
port-forward Applies a list of clientless SSL VPN TCP ports to forward. The user interface
displays the applications on this list.
post-max-size Sets the maximum object size to post.
smart-tunnel Configures a list of programs to use smart tunnel.
sso-server Sets the name of the SSO server.
storage-objects Configures storage objects for the data stored between sessions.
svc Configures SSL VPN Client attributes.
unix-auth-gid Sets the UNIX group ID.
unix-auth-uid Sets the UNIX user ID.
upload-max-size Sets the maximum object size to upload.
url-entry Controls the ability of the user to enter any HTTP/HTTP URL.
url-list Applies a list of servers and URLs that clientless SSL VPN portal page
displays for end user access.
user-storage Configures a location for storing user data between sessions.
Table74-3 Group Policy and User Attributes for Clientless SSL VPN
Command Function