74-52
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Application Access
Command Purpose
Step1 webvpn Switches to webvpn configuration mode.
Step2 smart-tunnel list list application path [platform
OS] [hash]
Adds an entry to a list of applications that can use a
clientless SSL VPN session to connect to private
sites.
platform is windows or mac to indicate the host
OS of the application. The default value is
platform windows.
hash (Optional) To obtain this value, enter the
checksum of the application (that is, the
checksum of the executable file) into a utility
that calculates a hash using the SHA-1
algorithm. One example of such a utility is the
Microsoft File Checksum Integrity Verifier
(FCIV), which is available at
http://support.microsoft.com/kb/841290/. After
installing FCIV, place a temporary copy of the
application to be hashed on a path that contains
no spaces (for example, c:/fciv.exe), then enter
fciv.exe -sha1 application at the command line
(for example, fciv.exe -sha1 c:\msimn.exe) to
display the SHA-1 hash.
The SHA-1 hash is always 40 hexadecimal
characters.
Before authorizing an application for smart
tunnel access, clientless SSL VPN calculates
the hash of the application matching the path. It
qualifies the application for smart tunnel access
if the result matches the value of hash.
Step3 (Optional)
no smart-tunnel list list application
Removes an application from a list, specifying both
the list and the name of the application.