74-40
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
For additional information on configuring SSO and the required parameters, refer to the SSL VPN
deployment guide
(http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/ssl_vpn_deployment_guide/deploy.html
#wp1002989).
Providing Access to a Citrix Java Presentation Server
As an example of how to provide clientless SSL VPN browser access to third-party plug-ins, this section
describes how to add clientless SSL VPN support for the Citrix Presentation Server Client.
With a Citrix plug-in installed on the ASA, clientless SSL VPN users can use a connection to the ASA
to access Citrix MetaFrame services.
A stateful failover does not retain sessions established using the Citrix plug-in. Citrix users must
reauthenticate after failover.
To provide access to the Citrix plug-in, follow the procedures in the following sections.
Preparing the Citrix MetraFrame Server for Clientless SSL VPN Access
Creating and Installing the Citrix Plug-in

Preparing the Citrix MetraFrame Server for Clientless SSL VPN Access

The ASA performs the connectivity functions of the Citrix secure gateway when the Citrix client
connects to the Citrix MetaFrame Server. Therefore, you must configure the Citrix Web Interface
software to operate in a mode that does not use the (Citrix) “secure gateway.” Otherwise, the Citrix client
cannot connect to the Citrix MetaFrame Server.
Note If you are not already providing support for a plug-in, you must follow the instructions in the“Preparing
the Security Appliance for a Plug-in” section on page 74-36 before using this section.

Creating and Installing the Citrix Plug-in

To create and install the Citrix plug-in, perform the following steps:
Detailed Steps
Step1 Download the ica-plugin.zip file from the Cisco Software Download web site.
This file contains files that Cisco customized for use with the Citrix plug-in.
Step2 Download the Citrix Java client from the Citrix site.
Step3 Extract the following files from the Citrix Java client, then add them to the ica-plugin.zip file:
JICA-configN.jar
JICAEngN.jar
You can use WinZip to perform this step.
Step4 Ensure the EULA included with the Citrix Java client grants you the rights and permissions to deploy
the client on your web servers.