30-76
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Customizing Clientless SSL VPN Portals
Configuring WINS/NetBIOS Name Service (NBNS) Servers To Enable File System Access in SSL VPNs
Clientless SSL VPN uses WINS and the Common Internet File System (CIFS) protocol to access or
share files, printers, and other machine resources on remote systems. The ASA or IOS device uses a
proxy CIFS client to provide this access transparently; users appear to have direct access to the file
systems (subject to individual file and user permissions).
When users attempt a file-sharing connection to a Windows computer by using its computer name, the
file server they specify corresponds to a specific WINS name that identifies a resource on the network.
The security appliance queries WINS or NetBIOS name servers to map WINS names to IP addresses.
SSL VPN requires NetBIOS to access or share files on remote systems.
You use WINS server list policy objects to configure the list of WINS servers that are used to resolve
these Microsoft file-directory share names. The WINS server list objects define the NetBIOS Name
Service (NBNS) server list on the device (using the nbns-list and nbns-server commands) for Common
Internet File System (CIFS) name resolution.
After creating the WINS server list policy object, you can configure it in the following policies and
policy objects, and also select the file access services that you want to allow:
ASA devices—In the Remote Access VPN > Connection Profiles policy, specify the WINS server
list object on the SSL tab (see SSL Tab (Connection Profiles), page30-18).
Select the file access options on the SSL VPN > Clientless page in an ASA group policy object (see
ASA Group Policies SSL VPN Clientless Settings, page 33-10), which you then select in one of
these policies:
Remote Access VPN > Group Policies
Remote Access VPN > Connection Profiles on the General tab
IOS devices—On the Clientless page in a user group policy object configured for SSL VPN (see
User Group Dialog Box—Clientless Settings, page 33-67), which you then select in the Remote
Access VPN > SSL VPN policy on the General tab.
Related Topics
Creating Policy Objects, page 6-9
Step 1 Select Manage > Policy Objects to open the Policy Object Manager, page 6-4.
Tip You can also create WINS server list objects when defining policies or objects that use this
object type. For more information, see Selecting Objects for Policies, page 6-2.
Step 2 Select WINS Server Lists from the Object Type selector.
The WINS Server List page opens, displaying the currently defined WINS server list objects.
Step 3 Right-click in the work area and select New Object to open the Add or Edit WINS Server List Dialog
Box, page 33-74.
Step 4 Enter a name for the object and optionally a description of the object.
Step 5 Click the Add Row button below the table, or select a server in the table and click Edit Row, to configure
the WINS servers defined in the object. Configure these settings:
Server—The IP address of the WINS server. You can select a network/host object or enter the
address directly.