33-67
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter33 Configuring Policy Objects for Remote Access VPNs
Add or Edit User Group Dialog Box
User Group Dialog Box—Clientless Settings
Use the Clientless settings to configure the clientless mode of access to the corporate network in an SSL
VPN.
In clientless access mode, once a user is authenticated and a session is established, an SSL VPN portal
page and toolbar is displayed on the user’s web browser. From the portal page, the user can access all
available HTTP sites, access web e-mail, and browse Common Internet File System (CIFS) file servers.
Navigation Path
Select Clientless from the table of contents in the Add or Edit User Group Dialog Box, page 33-58.
Related Topics
Create Group Policy Wizard—Clientless and Thin Client Access Modes Page, page29-22
Enable Device Pass-Through Whether to use Media Access Control (MAC) addresses to bypass
authentication for devices, such as Cisco IP phones, that do not support
AAA authentication.
When MAC-based AAA exemption is enabled, the device bypasses the
AAA server for traffic that matches both the MAC address of the device
and the IP address that was dynamically assigned by a DHCP server.
Authorization services are disabled automatically when you bypass
authentication. Accounting records continue to be generated (if
enabled), but the username is not displayed.
Enable Secure Unit
Authentication
Whether to provide increased security when allowing access to the
device from a remote client.
With Secure Unit Authentication (SUA), you can use one-time
passwords, two-factor authentication, and similar authentication
schemes to authenticate the remote device during Extended
Authentication (Xauth).
SUA is specified in the VPN policy on the device and is downloaded to
the remote client. This enables SUA and determines the connection
behavior of the remote client.
Enable User Authentication Whether to enable Individual User Authentication (IUA), which
supports individually authenticating clients on the inside network of the
remote access VPN, based on the IP address of each inside client. IUA
supports both static and OTP authentication mechanisms.
Table33-50 User Group Dialog Box—Advanced PIX Options (Continued)
Element Description