Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Step 1

Command: webvpn

Purpose: Switches to webvpn configuration mode.

Step 2

Command: smart-tunnel list list application path [platform OS] [hash]

Purpose: Adds an entry to a list of applications that can use a clientless SSL VPN session to connect to private sites.

platform is windows or mac to indicate the host OS of the application. The default value is platform windows.

hash (Optional) To obtain this value, enter the checksum of the application (that is, the checksum of the executable file) into a utility that calculates a hash using the SHA-1 algorithm. One example of such a utility is the Microsoft File Checksum Integrity Verifier (FCIV), which is available at http://support.microsoft.com/kb/841290/. After installing FCIV, place a temporary copy of the application to be hashed on a path that contains no spaces (for example, c:/fciv.exe), then enter fciv.exe -sha1 application at the command line (for example, fciv.exe -sha1 c:\msimn.exe) to display the SHA-1 hash.

The SHA-1 hash is always 40 hexadecimal characters.

Before authorizing an application for smart tunnel access, clientless SSL VPN calculates the hash of the application matching the path. It qualifies the application for smart tunnel access if the result matches the value of hash.

Step 3 (Optional)

Command: no smart-tunnel list list application

Purpose: Removes an application from a list, specifying both the list and the name of the application.
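The hash handling in Step 2, as an added example that is not part of the Cisco guide: it computes the SHA-1 of a local copy of the executable, builds the Step 2 command from it, and repeats the match check described above. The list name apps1, the application name msimn, the helper function names and the 3-byte sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import tempfile

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")  # a SHA-1 hash is always 40 hex characters


def sha1_of_file(path, chunk_size=65536):
    """Return the SHA-1 of a file as lowercase hex, reading it in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def qualifies(local_copy, configured_hash):
    """Hash the executable and compare it with the configured hash value."""
    if not SHA1_HEX.fullmatch(configured_hash):
        raise ValueError("hash must be exactly 40 hexadecimal characters")
    return hmac.compare_digest(sha1_of_file(local_copy), configured_hash.lower())


def smart_tunnel_entry(list_name, application, path, local_copy, platform="windows"):
    """Build the Step 2 command, hashing a local copy of the executable."""
    if platform not in ("windows", "mac"):
        raise ValueError("platform is windows or mac")
    return "smart-tunnel list {} {} {} platform {} {}".format(
        list_name, application, path, platform, sha1_of_file(local_copy))


def constructed_sample():
    """Write a 3-byte stand-in 'executable' (constructed data) and return its path."""
    with tempfile.NamedTemporaryFile(suffix=".exe", delete=False) as fh:
        fh.write(b"abc")
        return fh.name


if __name__ == "__main__":
    sample = constructed_sample()
    # apps1 and msimn are hypothetical list and application names.
    print(smart_tunnel_entry("apps1", "msimn", "msimn.exe", sample))
    print(qualifies(sample, sha1_of_file(sample).upper()))  # case-insensitive match
    print(qualifies(sample, "0" * 40))  # a changed binary no longer qualifies
```

Because the check compares the hash of the exact file, an application update changes the hash, and the entry has to be regenerated from the new executable before that application qualifies again.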
