Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
Detailed Steps
Follow these steps to provide clientless SSL VPN browser access to a plug-in redistributed by Cisco.
Note: The ASA does not retain the import webvpn plug-in protocol command in the configuration. Instead,
it loads the contents of the csco-config/97/plugin directory automatically. A secondary ASA obtains
the plug-ins from the primary ASA.
Providing Access to Third-Party Plug-ins
The open framework of the security appliance lets you add plug-ins to support third-party Java
client/server applications. The POST plug-in was developed to solve some key single sign-on (SSO) and
homepage requirements for certain applications like Citrix Web Interface. This clientless SSL VPN
plug-in has the following key capabilities:
- The option to display the homepage for a Web application (such as Citrix) in the right frame, as part
  of the default clientless portal, or as the only frame in the page (completely hiding anything that is
  part of the Cisco portal).
- The option for SSO on the homepage or with an application using WebVPN variables (also known
  as macros) (and therefore HTTP-POST parameters).
- The option to preload a page before issuing a POST request. This option becomes necessary when
  a logon page for an application sets some cookies.
Step 1
Command:
  import webvpn plug-in protocol [ rdp | rdp2 | ssh,telnet | vnc ] URL
Example:
  hostname# import webvpn plug-in protocol ssh,telnet tftp://local_tftp_server/plugins/ssh-plugin.jar
  Accessing tftp://local_tftp_server/plugins/ssh-plugin.jar...!!
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  Writing file disk0:/csco_config/97/plugin/ssh...
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  !!!!!!!
  238510 bytes copied in 3.650 secs (79503 bytes/sec)
Purpose:
  Installs the plug-in onto the flash device of the ASA.
  protocol is one of the following values: ssh,telnet provides plug-in access to both Secure Shell and
  Telnet services.
  Note: Do not enter this command once for SSH and once for Telnet. When typing the ssh,telnet
  string, do not insert a space.
  URL is the remote path to the plug-in .jar file. Enter the host name or address of the TFTP or FTP
  server and the path to the plug-in.

Step 2 (Optional)
Command:
  revert webvpn plug-in protocol protocol
Example:
  hostname# revert webvpn plug-in protocol rdp
Purpose:
  Disables and removes clientless SSL VPN support for a plug-in, as well as removing it from the
  flash drive of the ASA.
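
The Step 1 rules (allowed protocol values, no space inside ssh,telnet, a TFTP or FTP URL to a .jar file) can be checked before the command is pasted into the ASA, and the byte count in the import output can be compared with the size of the .jar that was staged. The Python below is an added example, not Cisco code; lint_import, parse_transcript and SAMPLE are hypothetical names, and the checks assume only what Step 1 on this page states.

```python
import re
from urllib.parse import urlparse

# Protocol values and server types as listed in Step 1 of this page.
PROTOCOLS = {"rdp", "rdp2", "ssh,telnet", "vnc"}
SCHEMES = {"tftp", "ftp"}
PREFIX = "import webvpn plug-in protocol"

def lint_import(command):
    """Return the problems found in one import command (hypothetical helper)."""
    text = re.sub(r"^\S+#\s*", "", command.strip())  # drop a "hostname#" prompt
    if not text.startswith(PREFIX):
        return ["not an import webvpn plug-in protocol command"]
    rest = text[len(PREFIX):].strip()
    # The Note in Step 1: no space is allowed inside the ssh,telnet string.
    if re.match(r"ssh\s*,\s+telnet\b|ssh\s+,\s*telnet\b", rest):
        return ["space inside ssh,telnet"]
    parts = rest.split()
    if len(parts) != 2:
        return ["expected: <protocol> <URL>"]
    protocol, url = parts
    problems = []
    if protocol in ("ssh", "telnet"):
        problems.append("use ssh,telnet once, not ssh and telnet separately")
    elif protocol not in PROTOCOLS:
        problems.append("unknown protocol: " + protocol)
    parsed = urlparse(url)
    if parsed.scheme not in SCHEMES or not parsed.netloc:
        problems.append("URL does not name a TFTP or FTP server")
    elif not parsed.path.endswith(".jar"):
        problems.append("URL path is not a .jar file")
    return problems

def parse_transcript(output):
    """Return (flash path, bytes copied) from the output of a finished import."""
    path = re.search(r"Writing file (\S+?)\.\.\.", output)
    size = re.search(r"(\d+) bytes copied", output)
    if not (path and size):
        return None
    return path.group(1), int(size.group(1))

# Constructed sample: the transcript from the Step 1 example, progress marks trimmed.
SAMPLE = """Accessing tftp://local_tftp_server/plugins/ssh-plugin.jar...!!
Writing file disk0:/csco_config/97/plugin/ssh...
238510 bytes copied in 3.650 secs (79503 bytes/sec)"""

if __name__ == "__main__":
    print(lint_import("hostname# import webvpn plug-in protocol ssh, telnet "
                      "tftp://local_tftp_server/plugins/ssh-plugin.jar"))
    print(parse_transcript(SAMPLE))
```

A mismatch between the reported byte count and the size of the staged file means the copy should be reverted with Step 2 and repeated.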