74-35
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
Populates the drop-down menu next to the URL attributes in ASDM.
Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an
option to the drop-down menu next to the Address field of the portal page.
Table74-4 shows the changes to the main menu and address field of the portal page when you add the
plug-ins described in the following sections.
When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the
portal page displays a window to the interface and displays a help pane. The user can select the protocol
displayed in the drop-down menu and enter the URL in the Address field to establish a connection.
Some Java plug-ins may report a status of connected or online even when a session to the destination
service is not set up. The open-source plug-in reports the status, not the ASA.
The plug-ins support single sign-on (SSO). Refer to the “Configuring SSO with the HTTP Form
Protocol” section on page 74-20 for implementation details.
The minimum access rights required for remote use belong to the guest privilege mode.
Prerequisites
Clientless SSL VPN must be enabled on the ASA to provide remote access to the plug-ins.
To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a
link to the server, and specify SSO support when adding the bookmark.
The minimum access rights required for remote use belong to the guest privilege mode.
Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be
enabled on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.
Restrictions
The plug-ins do not work if the security appliance configures the clientless session to use a proxy
server.
Note The remote desktop protocol plug-in does not support load balancing with a session broker.
Because of the way the protocol handles the redirect from the session broker, the connection
fails. If a session broker is not used, the plug-in works.
Table74-4 Effects of Plug-ins on the Clientless SSL VPN Portal Page
Plug-in Main Menu Option Added to Portal Page Address Field Option Added to Portal Page
ica Citrix Client ica://
rdp Terminal Servers rdp://
rdp2 Terminal Servers Vista rdp2://
ssh,telnet SSH ssh://
Telnet telnet://
vnc VNC Client vnc://