Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Configuring Port Forwarding
Adding Applications to Be Eligible for Port Forwarding
The clientless SSL VPN configuration of each ASA supports port forwarding lists, each of which
specifies local and remote ports used by the applications for which you want to provide access. Because
each group policy or username supports only one port forwarding list, you must group each set of
applications to be supported into a list. To display the port forwarding list entries already present in the
ASA configuration, enter the following commands:
Detailed Steps

Step 1
  Command: dns server-group
  Purpose: Enters the dns server-group mode. Configures a DNS server group named example.com.
  Example:
    hostname(config)# dns server-group example.com
    hostname(config-dns-server-group)# domain-name example.com
    hostname(config-dns-server-group)# name-server 192.168.10.10

Step 2
  Command: domain-name
  Purpose: Specifies the domain name. The default setting of domain-name is DefaultDNS.

Step 3
  Command: name-server
  Purpose: Resolves the domain name to an IP address.

Step 4
  Command: webvpn
  Purpose: Switches to webvpn configuration mode.

Step 5
  Command: tunnel-group webvpn
  Purpose: Switches to tunnel-group webvpn configuration mode.

Step 6 (Required only if you are using a domain name other than the default one [DefaultDNS])
  Command: dns-group
  Purpose: Specifies the domain name the tunnel groups will use. By default, the security
  appliance assigns the DefaultWEBVPNGroup as the default tunnel group for clientless
  connections. Follow this instruction if the ASA uses that tunnel group to assign settings
  to the clientless connections. Otherwise, follow this step for each tunnel configured for
  clientless connections.
  Example:
    asa2(config-dns-server-group)# exit
    asa2(config)# tunnel-group DefaultWEBVPNGroup webvpn-attributes
    asa2(config-tunnel-webvpn)# dns-group example.com
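
The Step 6 requirement can be checked offline against a saved configuration. The following Python sketch is an added example, not part of the Cisco guide: it flags tunnel groups with webvpn-attributes that have no dns-group, or that name a DNS server group the configuration does not define. The sample configuration is constructed, the function names are hypothetical, and the indented sub-mode layout and the fallback to DefaultDNS are assumptions.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
dns server-group example.com
 domain-name example.com
 name-server 192.168.10.10
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 dns-group example.com
tunnel-group Contractors webvpn-attributes
 group-alias contractors enable
tunnel-group Partners webvpn-attributes
 dns-group partner.example
"""

def parse_blocks(config_text):
    """Group indented sub-mode lines under their top-level command."""
    blocks, current = [], None
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0].isspace():
            if current is not None:
                current[1].append(line.strip())
        else:
            current = (line.strip(), [])
            blocks.append(current)
    return blocks

def audit_dns_groups(config_text):
    """Return (tunnel_group, problem) pairs for clientless tunnel groups."""
    blocks = parse_blocks(config_text)
    defined = {m.group(1) for head, _ in blocks
               if (m := re.fullmatch(r"dns server-group (\S+)", head))}
    # Step 6 only applies when a group other than DefaultDNS is in use.
    custom = defined - {"DefaultDNS"}
    findings = []
    for head, body in blocks:
        m = re.fullmatch(r"tunnel-group (\S+) webvpn-attributes", head)
        if not m:
            continue
        groups = [l.split()[1] for l in body if l.startswith("dns-group ")]
        if not groups and custom:
            # Assumption: without dns-group the tunnel group uses DefaultDNS.
            findings.append((m.group(1), "no dns-group; falls back to DefaultDNS"))
        elif groups and groups[-1] not in defined:
            findings.append((m.group(1), f"dns-group {groups[-1]} is not defined"))
    return findings
```

Calling audit_dns_groups(SAMPLE_CONFIG) reports the Contractors and Partners tunnel groups and passes DefaultWEBVPNGroup.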
Step 1
  Command: show run webvpn port-forward
  Purpose: Displays the port forwarding list entries already present in the ASA configuration.

Step 2
  Command: webvpn
  Purpose: Switches to webvpn configuration mode.