33-68
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
Add or Edit User Group Dialog Box
Field Reference
User Group Dialog Box—Thin Client Settings
Use the Thin Client settings to enable the thin client, or port forwarding, mode of access to the corporate
network in an SSL VPN. Port forwarding allows users to access applications (such as Telnet, e-mail,
VNC, SSH, and Terminal services) inside the enterprise through an SSL VPN session. A port forwarding
list object defines the mappings of port numbers on the remote client to the application’s IP address and
port behind the SSL VPN gateway.
In thin client access mode, the remote user downloads a Java applet that acts as a TCP proxy on the client
machine for the services configured on the SSL VPN gateway. The proxy provides the port forwarding
services.
Navigation Path
Select Thin Client from the table of contents in the Add or Edit User Group Dialog Box, page 33-58.
Table33-51 User Group Dialog Box—Clientless Settings
Element Description
Portal Page Websites The name of the SSL VPN bookmarks policy object that includes the
web site URLs to display on the portal page. These web sites help users
access desired resources. Enter the name of the object or click Select to
select it from a list or to create a new object.
Allow Users to Enter
Websites
Whether to allow the remote user to enter web site URLs directly into
the browser. If you do not select this option, the user can access only
those URLs included on the portal.
Enable Common Internet File
System (CIFS)
In Clientless mode, files and directories created on Microsoft Windows
servers can be accessed by the remote client through the web browser.
When you enable the Common Internet File System (CIFS), a list of file
server and directory links are displayed on the portal page after login.
The CIFS protocol lets you customize permissions on the SSL VPN
gateway to allow shared files to be accessed or modified by the remote
client, as follows:
Enable File Browsing—Whether to allow the remote user to
browse for file shares on the CIFS file servers.
Enable File Entry—Whether to allow the remote user to locate
file shares on the CIFS file servers by entering the names of the file
shares.
WINS Server List The name of the WINS server list policy object that identifies the
WINS/NetBIOS servers to use for resolving file server names. You
should supply an object if you enable CIFS. Enter the name of the
object or click Select to select if from a list or to create a new object.
Enable Citrix Whether to enable remote clients to run Citrix-enabled applications,
such as Microsoft Word or Excel, through the SSL VPN as if the
application were locally installed, without the need for client software.
The Citrix software must be installed on one or more servers on a
network that the router can reach.