Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Group Policies
Access Deny Message—Specifies a message to display to the end user when the connection is
denied. Select Inherit to accept the message in the default group policy. The default message, if you
deselect Inherit, is: “Login was successful, but because certain criteria have not been met or due to
some specific group policy, you do not have permission to use any of the VPN features. Contact your
IT administrator for more information.”
Modes
The following table shows the modes in which this feature is available:
Configuring the Portal for a Group Policy
The Portal attributes determine what appears on the portal page for members of this group policy
establishing Clientless SSL VPN connections. In this pane, you can enable Bookmark lists and URL
Entry, file server access, Port Forwarding and Smart Tunnels, ActiveX Relay, and HTTP settings.
Fields
Bookmark List—Choose a previously configured Bookmark list or click Manage to create a new
one. Bookmarks appear as links that users can follow from the portal page.
URL Entry—Enable to allow remote users to enter URLs directly into the portal URL field.
File Access Control—Controls the visibility of “hidden shares” for Common Internet File System
(CIFS) files. A hidden share is identified by a dollar sign ($) at the end of the share name. For
example, drive C is shared as C$. With hidden shares, a shared folder is not displayed, and users are
restricted from browsing or accessing these hidden resources.
File Server Entry—Enable to allow remote users to enter the name of a file server.
File Server Browsing—Enable to allow remote users to browse for available file servers.
Hidden Share Access—Enable to hide shared folders.
Port Forwarding Control—Provides users access to TCP-based applications over a Clientless SSL
VPN connection through a Java Applet.
Port Forwarding List—Choose a previously configured list of TCP applications to associate with
this group policy. Click Manage to create a new list or to edit an existing list.
Auto Applet Download—Enables automatic installation and starting of the Applet the first time
the user logs in.
Applet Name—Changes the title bar of the Applet dialog box to the name you
designate. By default, the name is Application Access.
Smart Tunnel—Specify your smart tunnel options using a clientless (browser-based) SSL VPN
session with the ASA as the pathway and the security appliance as a proxy server:
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——
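Added example, not from the Cisco guide: a Python script that reads a saved running-config and lists, per group policy, which of the Portal settings described above are turned on, so the result can be compared with the intended policy. The CLI keywords (url-list, url-entry, file-entry, file-browsing, hidden-shares, port-forward) and their pairing with the ASDM field names are assumptions taken from the ASA CLI, and the sample configuration is constructed.

```python
import re

# Assumed pairing (taken from the ASA CLI, not from this page) of group-policy
# webvpn keywords with the ASDM Portal fields described above.
PORTAL_KEYS = {
    "url-list": "Bookmark List", "url-entry": "URL Entry",
    "file-entry": "File Server Entry", "file-browsing": "File Server Browsing",
    "hidden-shares": "Hidden Share Access", "port-forward": "Port Forwarding List",
}
OFF_VALUES = {"disable", "none"}

# Constructed sample configuration; policy and list names are hypothetical.
SAMPLE = """\
group-policy Contractors attributes
 webvpn
  url-list value contractor-links
  url-entry disable
  hidden-shares none
group-policy Staff attributes
 webvpn
  url-entry enable
  file-browsing enable
  hidden-shares visible
  port-forward enable staff-apps
"""

def portal_settings(config):
    """Return {policy: {field: value}} for portal keywords set under webvpn."""
    policies, current, in_webvpn = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:                      # a top-level command closes any block
            m = re.match(r"group-policy (\S+) attributes$", line)
            current, in_webvpn = (m.group(1) if m else None), False
        elif current and line == "webvpn":
            in_webvpn = True
        elif current and indent < 2:         # back at group-policy level
            in_webvpn = False
        elif current and in_webvpn:
            key, _, value = line.partition(" ")
            if key in PORTAL_KEYS:
                policies.setdefault(current, {})[PORTAL_KEYS[key]] = value
    return policies

def enabled_features(config):
    """(policy, field, value) for every set field that is not turned off."""
    return sorted((p, f, v) for p, s in portal_settings(config).items()
                  for f, v in s.items() if v.split(" ")[0] not in OFF_VALUES)
```

Fields that a policy does not set are absent from the output rather than reported as off.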