Cisco ASA 5505 User Manual

67-87

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Configuring User Attributes

The none keyword indicates that there is no clientless SSL VPN home page. It sets a null value, thereby
disallowing a home page and prevents inheriting a home page.

The url-string variable following the keyword value provides a URL for the home page. The string must
begin with either http:// or https://.

There is no default home page.

hostname(config-username-webvpn)# homepage {value url-string | none}

hostname(config-username-webvpn)# no homepage

hostname(config-username-webvpn)#

The following example shows how to specify www.example.com as the home page for the user named
anyuser:

hostname(config)# username anyuser attributes

hostname(config-username)# webvpn

hostname(config-username-webvpn)# homepage value www.example.com

hostname(config-username-webvpn)#

Applying Customization

Customizations determine the appearance of the windows that the user sees upon login. You configure
the customization parameters as part of configuring clientless SSL VPN. To apply a previously defined
web-page customization to change the look-and-feel of the web page that the user sees at login, enter the
customization command in username webvpn configuration mode:

hostname(config-username-webvpn)# customization {none | value customization_name}

hostname(config-username-webvpn)#

For example, to use the customization named blueborder, enter the following command:

hostname(config-username-webvpn)# customization value blueborder

hostname(config-username-webvpn)#

You configure the customization itself by entering the customization command in webvpn mode.

The following example shows a command sequence that first establishes a customization named 123 that
defines a password prompt. The example then defines a tunnel-group named test and uses the
customization command to specify the use of the customization named 123:

hostname(config)# webvpn

hostname(config-webvpn)# customization 123

hostname(config-webvpn-custom)# password-prompt Enter password

hostname(config-webvpn)# exit

hostname(config)# username testuser nopassword

hostname(config)# username testuser attributes

hostname(config-username-webvpn)# webvpn

hostname(config-username-webvpn)# customization value 123

hostname(config-username-webvpn)#

Specifying a “Deny” Message

You can specify the message delivered to a remote user who logs into clientless SSL VPN session
successfully, but has no VPN privileges by entering the deny-message command in username webvpn
configuration mode:

hostname(config-username-webvpn)# deny-message value "message"

hostname(config-username-webvpn)# no deny-message value "message"

hostname(config-username-webvpn)# deny-message none