Cisco ASA 5505 User Manual

74-35

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

•

Populates the drop-down menu next to the URL attributes in ASDM.

•

Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an
option to the drop-down menu next to the Address field of the portal page.

Table 74-4

shows the changes to the main menu and address field of the portal page when you add the

plug-ins described in the following sections.

When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the
portal page displays a window to the interface and displays a help pane. The user can select the protocol
displayed in the drop-down menu and enter the URL in the Address field to establish a connection.

Some Java plug-ins may report a status of connected or online even when a session to the destination
service is not set up. The open-source plug-in reports the status, not the ASA.

The plug-ins support single sign-on (SSO). Refer to the

“Configuring SSO with the HTTP Form

Protocol” section on page 74-20

for implementation details.

The minimum access rights required for remote use belong to the guest privilege mode.

Prerequisites

•

Clientless SSL VPN must be enabled on the ASA to provide remote access to the plug-ins.

•

To configure SSO support for a plug-in, you install the plug-in, add a bookmark entry to display a
link to the server, and specify SSO support when adding the bookmark.

•

The minimum access rights required for remote use belong to the guest privilege mode.

•

Plug-ins require ActiveX or Sun JRE 5, Update 1.4 or later (JRE 6 or later recommended) to be
enabled on the browser. An ActiveX version of the RDP plug-in is unavailable for 64-bit browsers.

Restrictions

•

The plug-ins do not work if the security appliance configures the clientless session to use a proxy
server.

Note

The remote desktop protocol plug-in does not support load balancing with a session broker.
Because of the way the protocol handles the redirect from the session broker, the connection
fails. If a session broker is not used, the plug-in works.

Table 74-4

Effects of Plug-ins on the Clientless SSL VPN Portal Page

Plug-in

Main Menu Option Added to Portal Page

Address Field Option Added to Portal Page

ica

Citrix Client

ica://

rdp

Terminal Servers

rdp://

rdp2

Terminal Servers Vista

rdp2://

ssh,telnet SSH

ssh://

Telnet

telnet://

vnc

VNC Client

vnc://