33-12
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
ASA Group Policies Dialog Box
Add or Edit VDI Server Dialog Box
Use the VDI Server dialog box to create or edit a Citrix XenApp or XenDesktop Server entry.
In a Virtual Desktop Infrastructure (VDI) model, administrators publish enterprise applications or
desktops pre-loaded with enterprise applications, and end users remotely access these applications.
These virtualized resources appear just as any other resources, such as email, so that users do not need
to go through a Citrix Access Gateway to access them. Users log onto the ASA using Citrix Receiver
mobile client, and the ASA connects to a pre-defined Citrix XenApp or XenDesktop Server. The
administrator must configure the Citrix server’s address and logon credentials under Group Policy so that
when users connect to their Citrix Virtualized resource, they enter the ASA’s SSL VPN IP address and
credentials instead of pointing to the Citrix Server’s address and credentials. When the ASA has verified
the credentials, the receiver client starts to retrieve entitled applications through the ASA.
Auto Start Smart Tunnel Whether to start smart tunnel access automatically upon user login. If
you do not select this option, the user must start the tunnel manually
through the Application Access tools on the portal page.
Auto sign-on supports only applications that use HTTP and HTTPS
using the Microsoft WININET library on a Microsoft Windows
operating system. For example, Microsoft Internet Explorer uses the
WININET dynamic linked library to communicate with web servers.
Smart Tunnel Auto Signon
Server List
The name of the smart tunnel auto sign-on list policy object assigned to
this group. Click Select to select it from a list or to create a new object.
Domain Name
(Optional)
The Windows domain to add to the username during auto sign-on, if the
universal naming convention (domain\username) is required for
authentication. For example, enter CISCO to specify CISCO\qa_team
when authenticating for the username qa_team. You must also check
the Use Domain option when configuring associated entries in the auto
sign-on server list.
Port Forwarding List The name of the port forwarding list policy object assigned to this
group. Port forwarding lists contain the set of applications that users of
clientless SSL VPN sessions can access over forwarded TCP ports.
Enter the name of the object or click Select to select it from a list or to
create a new object.
Auto Start Port Forwarding Whether to start port forwarding automatically upon user login.
Port Forwarding Applet
Name
The application name or short description to display on the Port
Forwarding Java applet screen on the portal, up to 64 characters. This
is the name of the applet users will download to act as a TCP proxy on
the client machine for the services configured on the SSL VPN
gateway.
VDI Servers List table The Citrix XenApp or XenDesktop servers that comprise the Virtual
Desktop Infrastructure.
To add a VDI server, click the Add Row button to open the Add or
Edit VDI Server Dialog Box, page 33-12.
To edit a rule, select it and click the Edit Row button.
To delete a rule, select it and click the Delete button.
Table33-7 ASA Group Policies SSL VPN Clientless Settings (Continued)
Element Description