74-63
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring Application Access
Logging Off Smart Tunnel
This section describes how to ensure that the smart tunnel is properly logged off. Smart tunnel can be
logged off when all browser windows have been closed, or you can right click the notification icon and
confirm log out.
Note We strongly recommend the use of the logout button on the portal. This method pertains to clientless
SSL VPNs and logs off regardless of whether smart tunnel is used or not. The notification icon should
be used only when using standalone applications without the browser.

When Its Parent Process Terminates

This practice requires the closing of all browsers to signify log off. The smart tunnel lifetime is now tied
to the starting process lifetime. For example, if you started a smart tunnel from Internet Explorer, the
smart tunnel is turned off when no iexplore.exe is running. Smart tunnel can determine that the VPN
session has ended even if the user closed all browsers without logging out.
Note In some cases, a lingering browser process is unintentional and is strictly a result of an error.
Also, when a Secure Desktop is used, the browser process can run in another desktop even if the
user closed all browsers within the secure desktop. Therefore, smart tunnel declares all browser
instances gone when no more visible windows exist in the current desktop.
Step4 show running-config webvpn Shows the smart tunnel list entries in the SSL VPN
configuration.
Step5 (Optional)
no smart-tunnel
Removes the smart-tunnel command from the group
policy or local user policy and reverts to the default
group-policy.
Step6 (Optional)
smart-tunnel disable
Disables smart tunnel access.
Command Purpose