74-78
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Ensuring Clock Accuracy for SharePoint Access
Ensuring Clock Accuracy for SharePoint Access
The clientless SSL VPN server on the ASA uses cookies to interact with applications such as Microsoft
Word on the endpoint. The cookie expiration time set by the ASA can cause Word to malfunction when
accessing documents on a SharePoint server if the time on the ASA is incorrect. To prevent this
malfunction, set the ASA clock properly. We recommend configuring the ASA to dynamically
synchronize the time with an NTP server. For instructions, see “Setting the Date and Time.”
Using Clientless SSL VPN with PDAs
You can access clientless SSL VPN from your Pocket PC or other certified personal digital assistant
device. Neither the ASA administrator nor the clientless SSL VPN user need do anything special to use
clientless SSL VPN with a certified PDA.
Cisco has certified the following PDA platform:
HP iPaq H4150
Pocket PC 2003
Windows CE 4.20.0, build 14053
Pocket Internet Explorer (PIE)
ROM version 1.10.03ENG
ROM Date: 7/16/2004
Some differences in the PDA version of clientless SSL VPN exist:
A banner web page replaces the popup clientless SSL VPN window.
An icon bar replaces the standard clientless SSL VPN floating toolbar. This bar displays the Go,
Home and Logout buttons.
The Show Toolbar icon is not included on the main clientless SSL VPN portal page.
Upon clientless SSL VPN logout, a warning message provides instructions for closing the PIE
browser properly. If you do not follow these instructions and you close the browser window in the
common way, PIE does not disconnect from clientless SSL VPN or any secure website that uses
HTTPS.
Restrictions
Clientless SSL VPN supports OWA 2000 and OWA 2003 Basic Authentication. If Basic
Authentication is not configured on an OWA server and a clientless SSL VPN user attempts to access
that server, access is denied.
Unsupported clientless SSL VPN features:
Application Access and other Java-dependent features.
HTTP proxy.
The Citrix Metaframe feature (if the PDA does not have the corresponding Citrix ICA client
software).