Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Optimizing Clientless SSL VPN Performance

If you configure proxy bypass using ports rather than path masks, depending on your network
configuration, you might need to change your firewall configuration to allow these ports access to the
ASA. Use path masks to avoid this restriction. Be aware, however, that path masks can change, so you
might need to use multiple path mask statements to cover all the possibilities.

A path is everything in a URL after the domain name (the part ending in .com, .org, or similar). For
example, in the URL www.example.com/hrbenefits, hrbenefits is the path. Similarly, for the URL
www.example.com/hrinsurance, hrinsurance is the path. If you want to use proxy bypass for all hr sites,
you can avoid using the command multiple times by using the * wildcard as follows: /hr*.

Detailed Steps

        Command         Purpose
Step 1  webvpn          Switches to webvpn configuration mode.
Step 2  proxy-bypass    Configures proxy bypass.

Configuring Application Profile Customization Framework

An APCF profile for clientless SSL VPN lets the ASA handle non-standard applications and web
resources so that they display correctly over a clientless SSL VPN connection. An APCF profile contains
a script that specifies when (pre, post), where (header, body, request, response), and what data to
transform for a particular application. The script is in XML and uses sed (stream editor) syntax for
string/text transformation. Multiple APCF profiles can run in parallel on an ASA. Within an APCF
profile script, multiple APCF rules can apply. In this case, the ASA processes the oldest rule first (based
on configuration history), then the next oldest rule, and so forth.

You can store APCF profiles on the ASA flash memory, or on an HTTP, HTTPS, or TFTP server.

Restrictions

We recommend that you configure an APCF profile only with the assistance of Cisco personnel.

Detailed Steps

        Command         Purpose
Step 1  webvpn          Switches to webvpn configuration mode.
Step 2  apcf            Identifies and locates an APCF profile that you want
                        to load on the ASA.

Example:

hostname(config)# webvpn
hostname(config-webvpn)# apcf flash:/apcf/apcf1.xml

Shows how to enable an APCF profile named
apcf1.xml, located on flash memory.

hostname(config)# webvpn
hostname(config-webvpn)# apcf https://myserver:1440/apcf/apcf2.xml

Shows how to enable an APCF profile named
apcf2.xml, located on an https server called
myserver, port 1440 with the path being /apcf.
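
Because an APCF profile is a script that transforms requests and responses passing through the ASA, the source it is loaded from is worth auditing: HTTP and TFTP give no protection against the profile being altered in transit. The Python check below is an added example, not part of the Cisco guide; it relies only on the apcf syntax shown above, and the configuration excerpt is constructed (apcf3.xml, apcf4.xml, asa-lab and 192.0.2.10 are made-up sample values).

```python
import re

# Constructed running-config excerpt, not from a real device. The first two
# apcf lines are the page's examples; apcf3.xml, apcf4.xml and 192.0.2.10
# are made-up sample values.
SAMPLE_CONFIG = """\
hostname asa-lab
webvpn
 apcf flash:/apcf/apcf1.xml
 apcf https://myserver:1440/apcf/apcf2.xml
 apcf http://myserver/apcf/apcf3.xml
 apcf tftp://192.0.2.10/apcf4.xml
!
"""

# Whether each source type protects the profile on its way to the ASA:
# flash is local storage, HTTPS adds TLS, HTTP and TFTP add nothing.
PROTECTED = {"flash": True, "https": True, "http": False, "tftp": False}


def apcf_sources(config_text):
    """Return (scheme, location) for every apcf line in webvpn mode."""
    sources, in_webvpn = [], False
    for line in config_text.splitlines():
        if not line.startswith(" "):
            # An unindented line opens a new top-level command or mode.
            in_webvpn = line.strip() == "webvpn"
            continue
        match = re.match(r"\s+apcf\s+(\S+)", line)
        if in_webvpn and match:
            location = match.group(1)
            sources.append((location.split(":", 1)[0].lower(), location))
    return sources


def audit_apcf(config_text):
    """Return (location, reason) for profiles loaded from unprotected sources."""
    findings = []
    for scheme, location in apcf_sources(config_text):
        if scheme not in PROTECTED:
            findings.append((location, "unrecognized source type"))
        elif not PROTECTED[scheme]:
            findings.append((location, f"{scheme} has no integrity protection"))
    return findings


if __name__ == "__main__":
    for location, reason in audit_apcf(SAMPLE_CONFIG):
        print(f"REVIEW apcf {location}: {reason}")
```
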
