Cisco ASA 5505 User Manual

Page 1498


67-72

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Supporting a Zone Labs Integrity Server

The default deny message is: “Login was successful, but because certain criteria have not been met or
due to some specific group policy, you do not have permission to use any of the VPN features. Contact
your IT administrator for more information.”

The first command in the following example creates an internal group policy named group2. The
subsequent commands modify the attributes, including the webvpn deny message associated with that
policy.

hostname(config)# group-policy group2 internal

hostname(config)# group-policy group2 attributes

hostname(config-group)# webvpn

hostname(config-group-webvpn)# deny-message value "Your login credentials are OK. However, you have not been granted rights to use the VPN features. Contact your administrator for more information."

hostname(config-group-webvpn)#

Configuring Group-Policy Filter Attributes for Clientless SSL VPN Sessions

Specify whether to filter Java, ActiveX, images, scripts, and cookies from clientless SSL VPN sessions
for this group policy by using the html-content-filter command in webvpn mode. HTML filtering is
disabled by default.

To remove a content filter, enter the no form of this command. To remove all content filters, including a
null value created by issuing the html-content-filter command with the none keyword, enter the no
form of this command without arguments. The no option allows inheritance of a value from another
group policy. To prevent inheriting an HTML content filter, enter the html-content-filter command with
the none keyword.

Using the command a second time overrides the previous setting.

hostname(config-group-webvpn)# html-content-filter {java | images | scripts | cookies | none}

hostname(config-group-webvpn)# no html-content-filter [java | images | scripts | cookies | none]

Table 67-6 describes the meaning of the keywords used in this command.

The following example shows how to set filtering of Java and ActiveX, cookies, and images for the
group policy named FirstGroup:

hostname(config)# group-policy FirstGroup attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# html-content-filter java cookies images

hostname(config-group-webvpn)#

Table 67-6 filter Command Keywords

| Keyword | Meaning |
|---------|---------|
| cookies | Removes cookies from images, providing limited ad filtering and privacy. |
| images | Removes references to images (removes <IMG> tags). |
| java | Removes references to Java and ActiveX (removes <EMBED>, <APPLET>, and <OBJECT> tags). |
| none | Indicates that there is no filtering. Sets a null value, thereby disallowing filtering. Prevents inheriting filtering values. |
| scripts | Removes references to scripting (removes <SCRIPT> tags). |
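The following audit script is an added example, not part of the Cisco guide. It reads a saved configuration and reports, for each group policy, whether html-content-filter is set to explicit keywords, set to none (inheritance blocked), or absent (inherited), applying the rules above that a repeated command overrides the earlier one and that the no form without arguments restores inheritance. The sample configuration is constructed, and the one-space and two-space indentation of the sub-modes is an assumption about how the configuration was saved.

```python
import re

# Constructed sample; the indentation of the sub-modes is an assumption.
SAMPLE_CONFIG = """\
group-policy group2 attributes
 webvpn
  deny-message value "Your login credentials are OK."
group-policy FirstGroup attributes
 webvpn
  html-content-filter scripts
  html-content-filter java cookies images
group-policy Kiosk attributes
 webvpn
  html-content-filter none
group-policy Legacy attributes
 webvpn
  html-content-filter scripts
  no html-content-filter
"""

KEYWORDS = {"java", "images", "scripts", "cookies"}

def audit_html_content_filter(config_text):
    """Map each group policy to a sorted keyword list, 'none', or 'inherited'."""
    result, policy, in_webvpn = {}, None, False
    for line in config_text.splitlines():
        words = line.split()
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:  # top-level command: enter or leave group-policy mode
            m = re.fullmatch(r"group-policy (\S+) attributes", line.strip())
            policy, in_webvpn = (m.group(1) if m else None), False
            if policy:
                result.setdefault(policy, "inherited")
        elif policy and indent == 1:  # only "webvpn" opens the webvpn sub-mode
            in_webvpn = words == ["webvpn"]
        elif policy and in_webvpn and words:
            if words == ["no", "html-content-filter"]:
                result[policy] = "inherited"  # all filters removed
            elif words[0] == "html-content-filter":
                args = words[1:]
                if args == ["none"]:
                    result[policy] = "none"  # null value, blocks inheritance
                elif args and set(args) <= KEYWORDS:
                    result[policy] = sorted(set(args))  # last command wins
                else:
                    raise ValueError(f"unexpected filter arguments: {line!r}")
    return result

if __name__ == "__main__":
    for name, state in audit_html_content_filter(SAMPLE_CONFIG).items():
        print(f"{name}: {state}")
```

A policy reported as inherited takes its filter value from another group policy, so its effective setting has to be read from that policy.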
