33-30
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
Add or Edit Single Sign On Server Dialog Boxes

Add or Edit A Port Forwarding Entry Dialog Box

Use the Add or Edit A Port Forwarding Entry dialog boxes to create a new port forwarding list entry or
edit an existing one.
Navigation Path
Go to the Add or Edit Port Forwarding List Dialog Boxes, page 33-28 and click the Add Row button or
select an entry and click the Edit Row button beneath the Port Forwarding List table.
Field Reference
Add or Edit Single Sign On Server Dialog Boxes
Use the Add or Edit Single Sign On Server dialog box to create, copy, and edit single sign on (SSO)
server objects for use with SSL VPNs (as configured in ASA group policy objects). For information on
how to configure SSO servers in an ASA group policy, see ASA Group Policies SSL VPN Settings,
page 33-17.
Single sign-on lets users access different secure services on different servers without entering a
username and password more than once. In the authentication, the security appliance acts as a proxy for
the SSL VPN user to the SSO server. You can configure this object to identify either a Computer
Associates SiteMinder SSO server or a Security Assertion Markup Language (SAML) Browser Post
Profile version 1.1 server.
The SSO mechanism starts as part of the AAA process or just after successful user authentication to an
AAA server. The SSL VPN server running on the security appliance acts as a proxy for the user to the
authenticating server. When a user logs in, the SSL VPN server sends an SSO authentication request,
including username and password, to the authenticating server. If the server approves the authentication
request, it returns an SSO authentication cookie to the SSL VPN server. The security appliance keeps
this cookie on behalf of the user and uses it to authenticate the user to secure web sites within the domain
protected by the SSO server.
If you want to configure SSO for an SSL VPN group, you must also configure a AAA server, such as a
RADIUS or LDAP server.
Table33-19 Add or Edit A Port Forwarding Entry Dialog Box
Element Description
Local TCP Port The port number to which the local application is mapped (between 1
and 65535).
Remote Server
IP Address
Name
The IP address or fully qualified domain name of the remote server.
Select the type of entry and enter the IP address or name.
For the IP address, you can enter the name of a network/host object that
specifies the remote server’s IP address, or click Select to select it from
a list or to create a new object.
Remote TCP Port The port number of the application for which port forwarding is
configured (between 1 and 65535).
Description A description of the port forwarding entry. This information is
mandatory on Cisco IOS devices.