74-79
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Using E-Mail over Clientless SSL VPN
Using E-Mail over Clientless SSL VPN
Clientless SSL VPN supports several ways to access e-mail. This section includes the following
methods:
Configuring E-mail Proxies
Configuring Web E-mail: MS Outlook Web App

Configuring E-mail Proxies

Clientless SSL VPN supports IMAP4S, POP3S, and SMTPS e-mail proxies. The following attributes
apply globally to e-mail proxy users.
Restrictions
E-mail clients such as MS Outlook, MS Outlook Express, and Eudora lack the ability to access the
certificate store.
Detailed Steps
Command Purpose
Step1 accounting-server-group Specifies the previously configured accounting
servers to use with e-mail proxy.
Step2 authentication Specifies the authentication method(s) for e-mail
proxy users. The default values are as follows:
IMAP4S: Mailhost (required)
POP3S Mailhost (required)
SMTPS: AAA
Step3 authentication-server-group Specifies the previously configured authentication
servers to use with e-mail proxy. The default is
LOCAL.
Step4 authorization-server-group Specifies the previously configured authorization
servers to use with clientless SSL VPN.
Step5 authorization-required Requires users to authorize successfully to connect.
The default is Disabled.
Step6 authorization-dn-attributes Identifies the DN of the peer certificate to use as a
username for authorization. The defaults are as
follows:
Primary attribute: CN
Secondary attribute: OU
Step7 default-group-policy Specifies the name of the group policy to use. The
default is DfltGrpPolicy.
Step8 enable Enables e-mail proxy on the specified interface. The
default is disabled.