Specifying servers for smart tunnel auto sign-on – Cisco ASA 5505 User Manual
Page 1644
74-58
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 74 Configuring Clientless SSL VPN
Configuring Application Access
Specifying Servers for Smart Tunnel Auto Sign-on
The Add Smart Tunnel Auto Sign-on Server List dialog box lets you add one or more lists of servers for
which to automate the submission of login credentials during smart tunnel setup. The Edit Smart Tunnel
Auto-signon Server List dialog box lets you modify the contents of these lists. This feature is available
for Internet Explorer and Firefox.
To create a list of servers for which to automate the submission of credentials in smart tunnel
connections, enter the following commands:
Step 4
ciscoasa(config-webvpn)# [no] smart-tunnel network
<network name> ip <ip> <netmask>
ciscoasa(config-webvpn)# [no] smart-tunnel network
<network name> host <host mask>
<network name>Name of network to apply to tunnel
policy
<ip address>IP address of a network
<netmask>Netmask of a network
<host mask>Hostname mask, such as *.cisco.com
Example:
ciscoasa(config-webvpn)# smart-tunnel network
inventory ip 10.5.2.2
ciscoasa(config-webvpn)# smart-tunnel network
inventory host www.example.com
ciscoasa(config-group-webvpn)# smart-tunnel
tunnel-policy tunnelspecified inventory
(Optional)
ciscoasa(config-group-webvpn)# homepage value
http://www.example.com
ciscoasa(config-group-webvpn)# homepage
use-smart-tunnel
(Optional)
ciscoasa(config-webvpn)# smart-tunnel
notification-icon
Applies a tunnel policy to a group-policy/user
policy. One command specifies host and the other
specifies network IPs; use only one.
Smart tunnel tunnel policy configuration is a good
option when a vendor wants to provide a partner
with clientless access to an internal inventory server
page upon login without going through the clientless
portal first. Creates a tunnel policy that contains
only one host (assuming the inventory pages are
hosted at www.example.com (10.5.2.2), and you
want to configure both IP address and name for the
hosts.
Applies the tunnel-specified tunnel policy to the
partner’s group policy.
Specifies the group policy home page and enables
smart tunnel on it.
By default, configuration of a smart tunnel
application is not necessary because all processes
initiated by the browser with smart tunnel enabled
have access to the tunnel. However, because no
portal is visible, you may want to enable the logout
notification icon.
Command
Purpose