Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring User Attributes

hostname(config)# username anyuser attributes

hostname(config-username)# password-storage enable

hostname(config-username)#

Configuring Clientless SSL VPN Access for Specific Users

The following sections describe how to customize a configuration for specific users of clientless SSL
VPN sessions. Enter username webvpn configuration mode by using the webvpn command in username
configuration mode. Clientless SSL VPN lets users establish a secure, remote-access VPN tunnel to the
ASA using a web browser. There is no need for either a software or hardware client. Clientless SSL VPN
provides easy access to a broad range of web resources and web-enabled applications from almost any
computer that can reach HTTPS Internet sites. Clientless SSL VPN uses SSL and its successor, TLS1,
to provide a secure connection between remote users and specific, supported internal resources that you
configure at a central site. The ASA recognizes connections that need to be proxied, and the HTTP server
interacts with the authentication subsystem to authenticate users.

The username webvpn configuration mode commands define access to files, URLs and TCP applications
over clientless SSL VPN sessions. They also identify ACLs and types of traffic to filter. Clientless SSL
VPN is disabled by default. These webvpn commands apply only to the username from which you
configure them. Notice that the prompt changes, indicating that you are now in username webvpn
configuration mode.

hostname(config-username)# webvpn

hostname(config-username-webvpn)#

To remove all commands entered in username webvpn configuration mode, use the no form of this
command:

hostname(config-username)# no webvpn

hostname(config-username)#

You do not need to configure clientless SSL VPN to use e-mail proxies.

Note: The webvpn mode that you enter from global configuration mode lets you configure global settings for
clientless SSL VPN sessions. The username webvpn configuration mode described in this section, which
you enter from username mode, lets you customize the clientless SSL VPN configuration for specific
users.
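Because these settings apply per username, a configuration review has to collect them user by user. The following added example (not part of the Cisco guide) parses a saved configuration and reports each user's username-mode and username webvpn-mode lines, plus the users with password-storage enable. It assumes the saved configuration shows each mode as a block indented one space deeper than its parent; the sample text, hash and ACL name are constructed placeholders.

```python
import re

# Constructed sample, not from a real device. ACL name and hash are placeholders.
SAMPLE_CONFIG = """\
username anyuser password PLACEHOLDER_HASH encrypted
username anyuser attributes
 password-storage enable
 webvpn
  filter value EXAMPLE_ACL
  homepage none
username otheruser attributes
 password-storage disable
!
"""

USER_BLOCK = re.compile(r"^username (\S+) attributes$")

def audit_user_overrides(config_text):
    """Map each username to its username-mode and username webvpn-mode lines."""
    report, current, in_webvpn = {}, None, False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped:
            continue
        depth = len(line) - len(line.lstrip(" "))
        if depth == 0:
            # Any top-level line closes the previous user block.
            match = USER_BLOCK.match(line)
            current = match.group(1) if match else None
            in_webvpn = False
            if current:
                report.setdefault(current, {"attributes": [], "webvpn": []})
        elif current and depth == 1:
            # "webvpn" opens the nested mode; anything else is a user attribute.
            in_webvpn = stripped == "webvpn"
            if not in_webvpn:
                report[current]["attributes"].append(stripped)
        elif current and in_webvpn:
            report[current]["webvpn"].append(stripped)
    return report

def users_storing_passwords(report):
    """Usernames whose attributes include 'password-storage enable'."""
    return sorted(u for u, r in report.items()
                  if "password-storage enable" in r["attributes"])

if __name__ == "__main__":
    result = audit_user_overrides(SAMPLE_CONFIG)
    for user, modes in result.items():
        print(user, modes)
    print("password-storage enabled:", users_storing_passwords(result))
```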

In username webvpn configuration mode, you can customize the following parameters, each of which is
described in the subsequent steps:

customizations

deny message

html-content-filter

homepage

filter

url-list

port-forward

port-forward-name

sso server (single-signon server)

auto-signon
