Providing access to third-party plug-ins – Cisco ASA 5505 User Manual

74-38

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Browser Access to Plug-ins

Detailed Steps

Follow these steps to provide clientless SSL VPN browser access to a plug-in redistributed by Cisco.

Note

The ASA does not retain the import webvpn plug-in protocol command in the configuration. Instead,
it loads the contents of the

csco-config/97/plugin

directory automatically. A secondary ASA obtains

the plug-ins from the primary ASA.

Providing Access to Third-Party Plug-ins

The open framework of the security appliance lets you add plug-ins to support third-party Java
client/server applications. The POST plug-in was developed to solve some key single sign-on (SSO) and
homepage requirements for certain applications like Citrix Web Interface. This clientless SSL VPN
plug-in as the following key capabilities:

•

The option to display the homepage for a Web application (such as Citrix) in the right frame, as part
of the default clientless portal, or as the only frame in the page (completely hiding anything that is
part of the Cisco portal).

•

The option for SSO on the homepage or with an application using WebVPN variables (also known
as macros) (and therefore HTTP-POST parameters).

•

The option to preload a page before issuing a POST request. This option becomes necessary when
a logon page for an application sets some cookies.

Command

Purpose

Step 1

import webvpn plug-in

protocol [ rdp | rdp2 |

ssh,telnet

| vnc ]

URL

Example:

hostname# import webvpn plug-in protocol ssh,telnet

tftp://local_tftp_server/plugins/ssh-plugin.jar

Accessing

tftp://local_tftp_server/plugins/ssh-plugin.jar...!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Writing file disk0:/csco_config/97/plugin/ssh...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!

238510 bytes copied in 3.650 secs (79503 bytes/sec)

Installs the plug-in onto the flash device of the ASA.
protocol is one of the following values: ssh,telnet
provides plug-in access to both Secure Shell and
Telnet services.

Note

Do not enter this command once for SSH
and once for Telnet. When typing the
ssh,telnet string, do not insert a space.

URL is the remote path to the plug-in .jar file. Enter
the host name or address of the TFTP or FTP server
and the path to the plug-in.

Step 2

(Optional)

revert webvpn plug-in protocol

protocol

Example:

hostname# revert webvpn plug-in protocol rdp

Disables and removes clientless SSL VPN support
for a plug-in, as well as removing it from the flash
drive of the ASA.