Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Configuring Application Access
Step 1 Choose Configuration > Remote Access VPN > AAA/Local Users > Local Users.
Step 2 In the User Account window, highlight the username that you want to edit.
Step 3 Click Edit. The Edit User Account window appears.
Step 4 In the left sidebar of the Edit User Account window, click VPN Policy > Clientless SSL VPN.
Step 5 Perform one of the following:
  - Check the smart tunnel_all_applications check box. All applications will be tunneled without
    making a list or knowing which executables an end user may invoke for external applications.
  - Or choose from the following tunnel policy options:
    - Uncheck the Inherit check box at the Smart Tunnel Policy parameter.
    - Choose from the network list and specify one of the tunnel options: use smart tunnel for the
      specified network, do not use smart tunnel for the specified network, or use tunnel for all
      network traffic.

The Add or Edit Smart Tunnel entry dialog box lets you specify the attributes of an application in a smart
tunnel list.
Step 1 Enter a unique name for the list of applications or programs. Do not use spaces.
Following the configuration of the smart tunnel list, the list name appears next to the Smart Tunnel List
attribute in the Clientless SSL VPN group policies and local user policies. Assign a name that will help
you to distinguish its contents or purpose from other lists that you are likely to configure.
Step 2 Enter a string to name the entry in the smart tunnel list. This user-specified name is saved and then
displayed in the GUI. The string is unique for the operating system. It typically names the application
to be granted smart tunnel access. To support multiple versions of an application for which you choose
to specify different paths or hash values, you can use this attribute to differentiate entries, specifying the
operating system, and name and version of the application supported by each list entry. The string can
be up to 64 characters.
Step 3 Enter the filename or path to the application. The string can be up to 128 characters.
Windows requires an exact match of this value to the right side of the application path on the remote host
to qualify the application for smart tunnel access. If you specify only the filename for Windows, SSL
VPN does not enforce a location restriction on the remote host to qualify the application for smart tunnel
access.
If you specify a path and the user installed the application in another location, that application does not
qualify. The application can reside on any path as long as the right side of the string matches the value
you enter.
To authorize an application for smart tunnel access if it is present on one of several paths on the remote
host, either specify only the name and extension of the application in this field or create a unique smart
tunnel entry for each path.
Note: A sudden problem with smart tunnel access may be an indication that a Process Name value is
not up-to-date with an application upgrade. For example, the default path to an application
sometimes changes following the acquisition of the company that produces the application and
the next application upgrade.
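
The Windows matching rule from Step 3, as an added Python sketch (not Cisco code or ASA output): it models the right-side match and flags list entries that carry no location restriction. The entry names, the sample paths and the case-insensitive comparison are assumptions made for illustration.

```python
# Added illustration of the Step 3 matching rule for Windows hosts.
# All entry names and paths are constructed sample data.
from dataclasses import dataclass


@dataclass
class SmartTunnelEntry:
    name: str      # Step 2 entry name, up to 64 characters
    process: str   # Step 3 filename or path, up to 128 characters


def qualifies(entry: SmartTunnelEntry, remote_path: str) -> bool:
    """True when the configured value equals the right side of the path.

    Case-insensitive comparison is an assumption of this sketch.
    """
    return remote_path.lower().endswith(entry.process.lower())


def audit(entries: list[SmartTunnelEntry]) -> list[tuple[str, str]]:
    """Return (entry name, finding) pairs for entries worth reviewing."""
    findings = []
    for e in entries:
        if len(e.name) > 64:
            findings.append((e.name, "entry name exceeds 64 characters"))
        if len(e.process) > 128:
            findings.append((e.name, "process value exceeds 128 characters"))
        if "\\" not in e.process:
            # Filename only: no location restriction is enforced.
            findings.append((e.name, "filename only, any install path qualifies"))
    return findings


ENTRIES = [
    SmartTunnelEntry("win-putty", r"\Program Files\PuTTY\putty.exe"),
    SmartTunnelEntry("win-rdp-client", "mstsc.exe"),
]

if __name__ == "__main__":
    for path in (r"C:\Program Files\PuTTY\putty.exe",
                 r"D:\Tools\PuTTY\putty.exe",
                 r"D:\Portable\mstsc.exe"):
        hits = [e.name for e in ENTRIES if qualifies(e, path)]
        print(f"{path}: {hits or 'does not qualify'}")
    for name, finding in audit(ENTRIES):
        print(f"review {name}: {finding}")
```

Entries that the audit reports as filename only are the ones to pin with a path, one entry per expected install location, as described above.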