Cisco Systems ASA5515K9, ASA 5500

74-35

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

•Populates the drop-down menu next to the URL attributes in ASDM.

•Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an

option to the drop-down menu next to the Address field of the portal page.

Table74-4 shows the changes to the main menu and address field of the portal page when you add the

plug-ins described in the following sections.

When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the

portal page displays a window to the interface and displays a help pane. The user can select the protocol

displayed in the drop-down menu and enter the URL in the Address field to establish a connection.

Some Java plug-ins may report a status of connected or online even when a session to the destination

service is not set up. The open-source plug-in reports the status, not the ASA.

The plug-ins support single sign-on (SSO). Refer to the “Configuring SSO with the HTTP Form

Protocol” section on page 74-20 for implementation details.

The minimum access rights required for remote use belong to the guest privilege mode.

Prerequisites

•Clientless SSL VPN must be enabled on the ASA to provide remote access to the plug-ins.

•To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a

link to the server, and specify SSO support when adding the bookmark.

•The minimum access rights required for remote use belong to the guest privilege mode.

•Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be

enabled on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.

Restrictions

•The plug-ins do not work if the security appliance configures the clientless session to use a proxy

server.

Note The remote desktop protocol plug-in does not support load balancing with a session broker.

Because of the way the protocol handles the redirect from the session broker, the connection

fails. If a session broker is not used, the plug-in works.

Table74-4 Effects of Plug-ins on the Clientless SSL VPN Portal Page

Plug-in Main Menu Option Added to Portal Page Address Field Option Added to Portal Page

ica Citrix Client ica://

rdp Terminal Servers rdp://

rdp2 Terminal Servers Vista rdp2://

ssh,telnet SSH ssh://

Telnet telnet://

vnc VNC Client vnc://