74-59
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Application Access
Detailed Steps
Command Purpose
Step1 webvpn Switches to webvpn configuration mode.
Step2 smart-tunnel auto-signon list [use-domain] {ip
ip-address [netmask] | host hostname-mask} Use for each server you want to add to the server list
list —names the list of remote servers. Use
quotation marks around the name if it includes a
space. The string can be up to 64 characters. The
ASA creates the list if it is not already present in
the configuration. Otherwise, it adds the entry to
the list. Assign a name that will help you to
distinguish.
use-domain (optional)—Adds the Windows
domain to the username if authentication
requires it. If you enter this keyword, be sure to
specify the domain name when assigning the
smart tunnel list to one or more group policies,
or usernames.
ip—Specifies the server by its IP address and
netmask.
ip-address[netmask]—Identifies the
sub-network of hosts to auto-authenticate to.
host—Specifies the server by its host name or
wildcard mask. Using this option protects the
configuration from dynamic changes to IP
addresses.
hostname-mask—Specifies which host name or
wildcard mask to auto-authenticate to.
Step3 (Optional)
[no] smart-tunnel auto-signon list [use-domain] {ip
ip-address [netmask] | host hostname-mask}
Removes an entry from the list of servers, specifying
both the list and IP address or hostname as it appears
in the ASA configuration.
Step4 show running-config webvpn smart-tunnel Displays the smart tunnel auto sign-on list entries.
Step5 config-webvpn Switches to config-webvpn configuration mode.
Step6 smart-tunnel auto-signon HR use-domain ip
192.32.22.56 255.255.255.0
Adds all hosts in the subnet and adds the Windows
domain to the username if authentication requires it.
Step7 (Optional)
no smart-tunnel auto-signon HR use-domain ip
192.32.22.56 255.255.255.0
Removes that entry from the list and the list named
HR if the entry removed is the only entry in the list.
Step8 no smart-tunnel auto-signon HR Removes the entire list from the ASA configuration.
Step9 smart-tunnel auto-signon intranet host
*.exampledomain.com
Adds all hosts in the domain to the smart tunnel auto
sign-on list named intranet.
Step10 no smart-tunnel auto-signon intranet host
*.exampledomain.com
Removes that entry from the list.