Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Configuring Application Access
Configuring and Applying a Smart Tunnel Tunnel Policy
Like the split tunnel configuration in the SSL VPN client, the smart tunnel tunnel policy is
configured per group policy or username. Each group policy or username references a globally
configured list of networks:
Detailed Steps

Step 1  Command: webvpn
        Purpose: Switches to webvpn configuration mode.

Step 2  Command: [no] smart-tunnel network <network name> ip <ip> <netmask>
        Purpose: Creates a list of hosts to use for configuring smart tunnel policies.
        <network name> is the name to apply to the tunnel policy. <ip> is the IP address
        of the network. <netmask> is the netmask of the network.

Step 3  Command: [no] smart-tunnel network <network name> host <host mask>
        Purpose: Establishes the hostname mask, such as *.cisco.com.

Step 4  Command: [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
        OR
        [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
        Purpose: Applies smart tunnel policies to a particular group or user policy.
        <network name> is a list of networks to be tunneled. tunnelall makes everything
        tunneled (encrypted). tunnelspecified tunnels only networks specified by network
        name. excludespecified tunnels only networks that are outside of the networks
        specified by network name.

Step 1  Command: webvpn
        Purpose: Switches to webvpn configuration mode.

Step 2  Command: config-group-webvpn
        Purpose: Switches to config-group-webvpn configuration mode.

Step 3  Command: [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
        OR
        [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
        Purpose: References a globally configured list of networks. <network name> is a
        list of networks to be tunneled. tunnelall makes everything tunneled (encrypted).
        tunnelspecified tunnels only networks specified by network name. excludespecified
        tunnels only networks that are outside of the networks specified by network name.
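
The effect of each policy keyword can be reviewed against a list of destinations before the policy is applied to a group or user. The following Python model is an added example, not Cisco code and not taken from this guide: it follows the Purpose descriptions above, and the list name inventory, the sample destinations, and glob-style, case-insensitive host mask matching are assumptions.

```python
import fnmatch
import ipaddress

# Constructed sample list; models "smart-tunnel network <network name> ..." entries.
NETWORK_LISTS = {
    "inventory": {
        "ip": [("10.5.2.0", "255.255.255.0")],   # <ip> <netmask>
        "host": ["*.cisco.com"],                  # <host mask>
    },
}

def in_list(dest, entries):
    """Return True if dest (IP literal or hostname) matches any entry in the list."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        # Not an IP literal: compare against host masks
        # (assumption: glob-style, case-insensitive matching).
        name = dest.lower().rstrip(".")
        return any(fnmatch.fnmatchcase(name, m.lower()) for m in entries["host"])
    return any(addr in ipaddress.ip_network(f"{ip}/{mask}", strict=False)
               for ip, mask in entries["ip"])

def is_tunneled(dest, policy, network_name=None, lists=NETWORK_LISTS):
    """Apply the three tunnel-policy keywords as the Purpose column describes them."""
    if policy == "tunnelall":
        return True                       # everything is tunneled
    if policy not in ("tunnelspecified", "excludespecified"):
        raise ValueError(f"unknown tunnel policy: {policy}")
    if network_name not in lists:
        raise ValueError(f"network list not defined: {network_name}")
    matched = in_list(dest, lists[network_name])
    # tunnelspecified: only listed networks; excludespecified: only unlisted ones.
    return matched if policy == "tunnelspecified" else not matched

def bypassing(dests, policy, network_name=None):
    """Destinations that would NOT be tunneled, for review before applying a policy."""
    return [d for d in dests if not is_tunneled(d, policy, network_name)]

if __name__ == "__main__":
    # Constructed sample destinations.
    sample = ["10.5.2.77", "wiki.cisco.com", "192.0.2.10", "www.example.com"]
    for policy in ("tunnelall", "tunnelspecified", "excludespecified"):
        print(policy, "->", bypassing(sample, policy, "inventory"))
```

The list returned by bypassing shows which destinations would be reached outside the tunnel under a given policy, which is the traffic to examine when choosing tunnelspecified or excludespecified over tunnelall.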