Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Maximum Object Size—Enter the maximum size in KB of a document that the ASA can cache. The
ASA measures the original content length of the object, not rewritten or compressed content. The
range is 0 to 10,000 KB; the default is 1000 KB.
Minimum Object Size—Enter the minimum size in KB of a document that the ASA can cache. The
ASA measures the original content length of the object, not rewritten or compressed content. The
range is 0 to 10,000 KB; the default is 0 KB.
Note The Maximum Object Size must be greater than the Minimum Object Size.
Expiration Time—Enter an integer between 0 and 900 to set the number of minutes to cache objects
without revalidating them. The default is one minute.
LM Factor—Enter an integer between 1 and 100; the default is 20.
The LM factor sets the policy for caching objects which have only the last-modified timestamp. This
revalidates objects that have no server-set change values. The ASA estimates the length of time since
the object has changed, also called the expiration time. The estimated expiration time equals the time
elapsed since the last change multiplied by the LM factor. Setting the LM factor to 0 forces
immediate revalidation, while setting it to 100 results in the longest allowable time until
revalidation.
The expiration time sets the amount of time for the ASA to cache objects that have neither a
last-modified time stamp nor an explicit server-set expiry time.
Cache static content—Click to cache all content that is not subject to rewrite, for example, PDF files
and images.
Restore Cache Default—Click to restore default values for all cache parameters.
Content Rewrite
The Content Rewrite pane lists all applications for which content rewrite is enabled or disabled.
Clientless SSL VPN processes application traffic through a content transformation/rewriting engine that
handles advanced elements such as JavaScript, VBScript, Java, and multi-byte characters in order to proxy
HTTP traffic, which may have different semantics and access control rules depending on whether the user
is accessing an application through an SSL VPN device or independently of one.
By default, the security appliance rewrites, or transforms, all clientless traffic. You might not want some
applications and web resources (for example, public websites) to go through the ASA. The ASA
therefore lets you create rewrite rules that let users browse certain sites and applications without going
through the ASA. This is similar to split-tunneling in an IPSec VPN connection.
You can create multiple rewrite rules. The rule number is important because the security appliance
searches rewrite rules by order number, starting with the lowest, and applies the first rule that matches.
“Configuration Example for Content Rewrite Rules” shows example content rewrite rules.
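The first-match ordering described above means a broad low-numbered rule can silently override a narrower rule with a higher number. The following model is an added example, not taken from the Cisco guide: it evaluates a constructed rule table and reports rules that can never apply. The shell-style wildcard matching, the rule numbers and the example.com/example.org hosts are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed rule table: (order number, rewrite enabled?, resource mask).
# Assumption: masks behave like shell-style wildcards; hosts are placeholders.
RULES = [
    (20, True, "intranet.example.com/*"),   # intent: keep proxying the intranet
    (10, False, "*.example.com/*"),         # intent: bypass public example.com sites
    (30, False, "www.example.org/*"),
    (65535, True, "*"),                     # catch-all: rewrite everything else
]

def matches(mask, resource):
    return fnmatchcase(resource.lower(), mask.lower())

def decide(rules, resource):
    """Return (order, rewrite_enabled) of the first matching rule, lowest order first."""
    for order, enabled, mask in sorted(rules, key=lambda r: r[0]):
        if matches(mask, resource):
            return order, enabled
    return None, True  # no rule matched: the default is to rewrite

def shadowed(rules, probes):
    """Report rules that match some probe but never win it: (order, winning orders)."""
    findings = []
    for order, _enabled, mask in rules:
        hits = [p for p in probes if matches(mask, p)]
        winners = {decide(rules, p)[0] for p in hits}
        if hits and order not in winners:
            findings.append((order, sorted(winners)))
    return findings

# Constructed probe URLs covering each rule's intended scope.
PROBES = [
    "intranet.example.com/hr/index.html",
    "mail.example.com/owa",
    "www.example.org/news",
    "portal.internal.test/app",
]

if __name__ == "__main__":
    for p in PROBES:
        order, enabled = decide(RULES, p)
        state = "rewritten" if enabled else "bypasses the ASA"
        print(f"{p:40} rule {str(order):<6} {state}")
    for order, winners in shadowed(RULES, PROBES):
        print(f"rule {order} never applies; shadowed by rule(s) {winners}")
```

In this table the intranet host matches rule 10 before rule 20 is reached, so its traffic is not rewritten even though rule 20 was written to keep it going through the ASA.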
Note In ASA 8.4.4.1, the clientless SSL VPN rewriter engines were significantly improved to provide better
quality and efficacy. As a result, you can expect a better end-user experience for clientless SSL VPN
users.