Configuring browser access to plug-ins – Cisco ASA 5505 User Manual

Page 1620

Advertising
background image

74-34

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

Configuring Browser Access to Plug-ins

The following sections describe the integration of browser plug-ins for clientless SSL VPN browser
access:

Preparing the Security Appliance for a Plug-in, page 74-36

Installing Plug-ins Redistributed By Cisco, page 74-36

Providing Access to Third-Party Plug-ins, page 74-38

Providing Access to a Citrix Java Presentation Server, page 74-40

A browser plug-in is a separate program that a web browser invokes to perform a dedicated function,
such as connect a client to a server within the browser window. The ASA lets you import plug-ins for
download to remote browsers in clientless SSL VPN sessions. Of course, Cisco tests the plug-ins it
redistributes, and in some cases, tests the connectivity of plug-ins we cannot redistribute. However, we
do not recommend importing plug-ins that support streaming media at this time.

Note

Per the GNU General Public License (GPL), Cisco redistributes plug-ins without having
made any changes to them. Per the GPL, Cisco cannot directly enhance these plug-ins.

The ASA does the following when you install a plug-in onto the flash device:

(Cisco-distributed plug-ins only) Unpacks the jar file specified in the URL.

Writes the file to the

csco-config/97/plugin

directory on the ASA file system.

http-proxy

Configures the ASA to use an external proxy server to handle HTTP requests.

Note

Proxy NTLM authentication is not supported in http-proxy. Only
proxy without authentication and basic authentication are supported.

keep-alive-ignore

Sets the maximum object size to ignore for updating the session timer.

port-forward

Applies a list of clientless SSL VPN TCP ports to forward. The user interface
displays the applications on this list.

post-max-size

Sets the maximum object size to post.

smart-tunnel

Configures a list of programs to use smart tunnel.

sso-server

Sets the name of the SSO server.

storage-objects

Configures storage objects for the data stored between sessions.

svc

Configures SSL VPN Client attributes.

unix-auth-gid

Sets the UNIX group ID.

unix-auth-uid

Sets the UNIX user ID.

upload-max-size

Sets the maximum object size to upload.

url-entry

Controls the ability of the user to enter any HTTP/HTTP URL.

url-list

Applies a list of servers and URLs that clientless SSL VPN portal page
displays for end user access.

user-storage

Configures a location for storing user data between sessions.

Table 74-3

Group Policy and User Attributes for Clientless SSL VPN

Command

Function

Advertising