74-75
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Configuring File Access
The ASA uses a master browser, WINS server, or DNS server, typically on the same network as the ASA
or reachable from that network, to query the network for a list of servers when the remote user clicks
Browse Networks in the menu of the portal page or on the toolbar displayed during the clientless SSL
VPN session.
The master browser or DNS server provides the CIFS/FTP client on the ASA with a list of the resources
on the network, which clientless SSL VPN serves to the remote user.
Note Before configuring file access, you must configure the shares on the servers for user access.
CIFS File Access Requirement and Limitation
To access \\server\share\subfolder\personal folder, the user must have list permission for all
points above personal folder.
Clientless SSL VPN does not support the Copy and Paste buttons displayed on the CIFS browser. Users
must click Download to copy files from CIFS directories to the local desktop.
The CIFS browse server feature does not support double-byte character share names (share names
exceeding 13 characters in length). This only affects the list of folders displayed, and does not affect user
access to the folder. As a workaround, you can pre-configure the bookmark(s) for the CIFS folder(s) that
use double-byte share names, or the user can enter the URL or bookmark of the folder in the format
cifs://server/<long-folder-name> . For example:
cifs://server/Do you remember?
cifs://server/Do%20you%20remember%3F

Adding Support for File Access

Configure file access as follows:
Note The first procedure describes how to specify the master browser and WINS servers. As an alternative,
you can use ASDM to configure URL lists and entries that provide access to file shares.
Adding a share in ASDM does not require a master browser or a WINS server. However, it does not
provide support for the Browse Networks link. You can use a hostname or an IP address to refer to
ServerA when entering this command. If you use a hostname, the ASA requires a DNS server to resolve
it to an IP address.
Detailed Steps
Command Purpose
Step1 webvpn Switches to webvpn configuration mode.
Step2 tunnel-group webvpn Switches to tunnel-group webvpn configuration
mode.