74-82
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter74 Configuring Clientless SSL VPN
Optimizing Clientless SSL VPN Performance
Detailed Steps
Configuring Content Transformation
By default, the ASA processes all clientless SSL VPN traffic through a content transformation/rewriting
engine that includes advanced elements such as JavaScript and Java to proxy HTTP traffic that may have
different semantics and access control rules depending on whether the user is accessing an application
within or independently of an SSL VPN device.
Some web resources require highly individualized treatment. The following sections describe
functionality that provides such treatment:
Configuring a Certificate for Signing Rewritten Java Content
Disabling Content Rewrite
Using Proxy Bypass
Configuring Application Profile Customization Framework
Subject to the requirements of your organization and the web content involved, you might use one of
these features.

Configuring a Certificate for Signing Rewritten Java Content

Java objects which have been transformed by clientless SSL VPN can subsequently be signed using a
PKCS12 digital certificate associated with a trustpoint.
Command Purpose
Step1 webvpn Switches to webvpn configuration mode.
Step2 disable Disables caching.
Step3 expiry-time Configures an expiration time for caching objects.
Step4 lmfactor Configures terms for revalidating cached objects.
Step5 max-object-size Sets a maximum size for objects to cache.
Step6 min-object-size Sets a minimum size for objects to cache.
Step7 cache-static-content Caches all cacheable web objects, content not
subject to rewriting. Examples include images and
PDF files.