33-17
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter33 Configuring Policy Objects for Remote Access VPNs
ASA Group Policies Dialog Box
ASA Group Policies SSL VPN Settings
Use the SSL VPN Settings to configure attributes that are required for clientless and port forwarding
(thin client) access modes to work, including auto signon rules for user access to servers. Auto Signon
configures the security appliance to automatically pass SSL VPN user login credentials (username and
password) on to internal servers. You can configure multiple auto signon rules.
Navigation Path
Select SSL VPN > Settings from the table of contents in the ASA Group Policies Dialog Box, page33-1.
Prompt User to Choose
Client
Time User Has to Choose
Default Location
Whether to ask the user to download the client. Enter the number of
seconds the user has to make a selection in the Time User Has to
Choose field. The default is 120 seconds.
If you do not select this option, the user is immediately taken to the
default location. The user is also taken to the default location after the
time to choose expires.
Web Po rtal —The portal page is loaded in the web browser.
AnyConnect Client—The AnyConnect client is downloaded.
AnyConnect Firewall-Client
Public ACL
The name of the extended access control list policy object to use to
restrict user access to the SSL VPN. Public rules are applied to all
interfaces on the client. Enter the name of the object or click Select to
select it from a list or to create a new object.
AnyConnect Firewall-Client
Private ACL
The name of the extended access control list policy object to use to
restrict user access to the SSL VPN. Private rules are applied to the
Virtual Adapter. Enter the name of the object or click Select to select it
from a list or to create a new object.
AnyConnect Custom
Attributes table
The AnyConnect Custom Attribute table lists the custom attributes that
are assigned to this group policy. AnyConnect custom attributes that are
defined on the AnyConnect Custom Attribute tab of the SSL VPN
Other Settings page are listed here (see Configuring AnyConnect
Custom Attributes (ASA), page 30-59). You can add or remove the
custom attributes for a group policy, and configure values for each
attribute.
To add a custom attribute, click the Add Row button beneath the
table and fill in the Add AnyConnect Custom Attribute dialog box.
To edit a custom attribute, select it, click the Edit Row button, and
make your changes in the Edit AnyConnect Custom Attribute
dialog box.
To delete a custom attribute, select it and click the Delete Row
button. You are asked to confirm the deletion.
Table33-9 ASA Group Policies SSL VPN Full Client Settings (Continued)
Element Description