30-49
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with SSL and IKEv2 IPSec VPN Policies
Tip If you configure proxy bypass rules, you must also configure the SSL VPN Access policy. For
more information, see Configuring an Access Policy, page 30-40.
Add or Edit Proxy Bypass Dialog Box
Use the Add or Edit Proxy Bypass dialog box to set proxy bypass rules when the security appliance
should perform little or no content rewriting.
Navigation Path
From the Proxy tab of the SSL VPN Other Settings policy for ASA devices, click the Add Row button,
or select a rule and click the Edit Row button. For detailed information on opening the tab, see
Configuring SSL VPN Encoding Rules (ASA), page 30-45.
Field Reference
Table30-19 Add or Edit Proxy Bypass Dialog Box
Element Description
Interface The interface on the security appliance that is used for proxy bypass.
Enter the name of the interface or the interface role object, or click
Select to select it from a list or to create a new object.
Bypass On Port Select this option to use a port number for proxy bypass. Valid port
numbers are 20000-21000. Enter the ports or the name of a port list
object, or click Select to select an object or to create a new one.
Note If you configure proxy bypass using ports rather than path
masks, depending on your network configuration, you might
need to change your firewall configuration to allow these ports
access to the security appliance. Use path masks to avoid this
restriction.
Bypass Matching Specific
Pattern
Select this option to use a URL path mask to match for proxy bypass.
A path is the text in a URL that follows the domain name. For example,
in the URL www.mycompany.com/hrbenefits, hrbenefits is the path.
You can use the following wildcards:
*—Matches everything. You cannot use this wildcard by itself. It
must accompany an alphanumeric string.
?—Matches any single character.
[x-y]—Matches any character in the sequence.
[!x-y]—Matches any character not in the sequence.
The maximum is 128 bytes.
Note Path masks can change, so you might need to use multiple path
mask statements to exhaust the possibilities.