74-60
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Application Access
Following the configuration of the smart tunnel auto sign-on server list, you must assign it to a group
policy or a local user policy for it to become active, as described in the next section.
Adding or Editing a Smart Tunnel Auto Sign-on Server Entry
This section describes how to list the servers for which to provide auto sign-on in smart tunnel
connections and assign the lists to group policies or usernames.
Prerequisites
You must use the smart-tunnel auto-signon list command to create a list of servers first. You can assign
only one list to a group policy or username.
Restrictions
The smart-tunnel auto sign-on feature supports only applications communicating HTTP and HTTPS
using the Microsoft WININET library. For example, Microsoft Internet Explorer uses the WININET
dynamic linked library to communicate with web servers.
Firefox requires the administrator to specify hosts using an exact host name or IP address (instead
of a host mask with wild cards, a subnet using IP addresses, or a netmask). For example, within
Firefox, you cannot enter *.cisco.com and expect auto sign-on to host email.cisco.com.
Detailed Steps
To enable smart tunnel auto sign-on in clientless (browser-based) SSL VPN sessions, use the following
commands:
Command Purpose
Step1 webvpn Switches to webvpn configuration mode.
Step2 group-policy webvpn
or
username webvpn
Switches to group-policy webvpn configuration
mode.
Switches to username webvpn configuration mode.
Step3 smart-tunnel auto-signon enable Enables smart tunnel auto sign-on clientless SSL
VPN sessions.