72-58
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter72 Configuring Clientless SSL VPN
Configuring the Use of External Proxy Servers
Note These options are mutually exclusive for each group policy and username. Use only one.
Detailed Steps
The Add or Edit Port Forwarding List dialog box lets you add or edit the following:
Step1 Provide an alphanumeric name for the list. The maximum is 64 characters.
Step2 Enter which local port listens for traffic for the application. You can use a local port number only once
for a listname. To avoid conflicts with local TCP services, use port numbers in the range 1024 to 65535.
Note Enter the IP address or DNS name of the remote server. We recommend using a domain name
so that you do not have to configure the client applications for the specific IP address.
Step3 Enter the remote port that listens for traffic for the application.
Step4 Describe the TCP application. The maximum is 64 characters.
For details, go to the section that addresses the option you want to use.

Enabling and Disabling Port Forwarding

By default, port forwarding is disabled.
If you enable port forwarding, the user will have to start it manually, using the Application Access >
Start Applications button on the clientless SSL VPN portal page.
Configuring the Use of External Proxy Servers
Use the Proxies pane to configure the ASA to use external proxy servers to handle HTTP requests and
HTTPS requests. These servers act as an intermediary between users and the Internet. Requiring all
Internet access via servers you control provides another opportunity for filtering to assure secure Internet
access and administrative control.
Restrictions
HTTP and HTTPS proxy services do not support connections to personal digital assistants.
Detailed Steps
Step1 Click Use an HTTP proxy server.
Step2 Identify the HTTP proxy server by its IP address or hostname.
Step3 Enter the hostname or IP address of the external HTTP proxy server.
Step4 Enter the port that listens for HTTP requests. The default port is 80.