Preparing the security appliance for a plug-in, Installing plug-ins redistributed by cisco – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

The plug-ins support single sign-on (SSO). They use the same credentials entered to open the
clientless SSL VPN session. Because the plug-ins do not support macro substitution, you do not
have the options to perform SSO on different fields such as the internal domain password or on an
attribute on a RADIUS or LDAP server.

A stateful failover does not retain sessions established using plug-ins. Users must reconnect
following a failover.

If you use stateless failover instead of stateful failover, clientless features such as bookmarks,
customization, and dynamic access-policies are not synchronized between the failover ASA pairs.
In the event of a failover, these features do not work.

Preparing the Security Appliance for a Plug-in

Before installing a plug-in, prepare the ASA as follows:

Prerequisites

Make sure clientless SSL VPN (“webvpn”) is enabled on an ASA interface.

Restrictions

Do not specify an IP address as the common name (CN) for the SSL certificate. The remote user attempts
to use the FQDN to communicate with the ASA. The remote PC must be able to use DNS or an entry in
the System32\drivers\etc\hosts file to resolve the FQDN.

Detailed Steps

Go to the section that identifies the type of plug-in you want to provide for clientless SSL VPN access.

Installing Plug-ins Redistributed By Cisco, page 74-36

Providing Access to Third-Party Plug-ins, page 74-38

Installing Plug-ins Redistributed By Cisco

Cisco redistributes the following open-source, Java-based components to be accessed as plug-ins for web
browsers in clientless SSL VPN sessions.

Prerequisites

Make sure clientless SSL VPN (“webvpn”) is enabled on an interface on the ASA. To do so, enter
the show running-config command.

Step    Command                                            Purpose
Step 1  show running-config                                Shows whether webvpn is enabled on the ASA.
Step 2  Install an SSL certificate onto the ASA interface  Provides a fully-qualified domain name (FQDN) for remote user connection.
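
The prerequisite and the restriction above can be checked against a saved copy of the show running-config output. The following Python script is an added example, not part of the Cisco guide: it reports the interfaces on which webvpn is enabled and flags any trustpoint whose certificate CN is an IP address. The sample configuration and the trustpoint names TP-GOOD and TP-BAD are constructed, and it assumes the CN is set with subject-name under crypto ca trustpoint.

```python
import ipaddress
import re

# Constructed sample of `show running-config` output; assumes CN is set via `subject-name`.
SAMPLE_CONFIG = """\
crypto ca trustpoint TP-GOOD
 subject-name CN=vpn.example.com,O=Example
crypto ca trustpoint TP-BAD
 subject-name CN=192.0.2.10
webvpn
 enable outside
"""

def sections(config):
    """Group indented sub-commands under their top-level command line."""
    out, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def webvpn_interfaces(config):
    """Interfaces named by `enable <if>` under the top-level `webvpn` block."""
    subs = sections(config).get("webvpn", [])
    return [s.split()[1] for s in subs if re.fullmatch(r"enable \S+", s)]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def ip_common_names(config):
    """Map trustpoint name -> CN for trustpoints whose CN is an IP address."""
    bad = {}
    for head, subs in sections(config).items():
        m = re.fullmatch(r"crypto ca trustpoint (\S+)", head)
        for s in (subs if m else []):
            cn = re.search(r"subject-name .*?CN=([^,]+)", s, re.I)
            if cn and is_ip(cn.group(1).strip()):
                bad[m.group(1)] = cn.group(1).strip()
    return bad

if __name__ == "__main__":
    print("webvpn enabled on:", webvpn_interfaces(SAMPLE_CONFIG) or "none")
    print("trustpoints with an IP address as CN:", ip_common_names(SAMPLE_CONFIG))
```

An empty interface list means the prerequisite is not met; any entry in the second result is a certificate that remote users connecting by FQDN will not match.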
