74-71
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Application Access User Notes
Detailed Steps
Assign—Highlight an SSO server and click this button to assign the selected server to one or more
VPN group policies or user policies.
Application Access User Notes
The following sections provide information about using application access:
Using Application Access on Vista
Closing Application Access to Prevent hosts File Errors
Recovering from hosts File Errors When Using Application Access

Using Application Access on Vista

Users of Microsoft Windows Vista who use smart tunnels or port forwarding must add the URL of the
ASA to the Trusted Site zone. To access the Trusted Site zone, they must start Internet Explorer and
choose the Tools > Internet Options > Security tab. Vista users can also disable Protected Mode to
facilitate smart tunnel access; however, we recommend against this method because it increases the
computer’s vulnerability to attack.

Closing Application Access to Prevent hosts File Errors

To prevent hosts file errors that can interfere with Application Access, close the Application Access
window properly when you finish using Application Access. To do so, click the close icon.
Command Purpose
Step1 port-forward [enable list_name | disable]
Example:
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# port-forward enable
apps1
Enables port forwarding. You do not have to start
port forwarding manually if you entered
port-forward auto-start list_name from the
previous table.
list_name is the name of the port forwarding list
already present in the ASA webvpn configuration.
You cannot assign more than one port forwarding
list to a group policy or username.
Assigns the port forwarding list named apps1 to the
group policy.
Step2 show running-config port-forward Views the port forwarding list entries.
Step3 (Optional)
no port-forward
Removes the port-forward command from the group
policy or username and reverts to the default.
Step4 (Optional)
port-forward disable
Disables port forwarding.