Cisco ASA 5505 User Manual

74-41

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Why a Microsoft Kerberos Constrained Delegation Solution

Step 5

Open a CLI session with the ASA and install the plug-in by entering the following command in
privileged EXEC mode:

import webvpn plug-in protocol ica URL

URL is the host name or IP address and path to the ica-plugin.zip file.

Note

After you import the plug-in, remote users can choose ica and enter
host/?DesiredColor=4&DesiredHRes=1024&DesiredVRes=768 into the Address field of the
portal page to access Citrix services. We recommend that you add a bookmark to make it easy
for users to connect. Adding a bookmark is required if you want to provide SSO support for
Citrix sessions.

Step 6

Establish an SSL VPN clientless session and click the bookmark or enter the URL for the Citrix server.

Use the

Client for Java Administrator’s Guide

as needed.

Viewing the Plug-ins Installed on the Security Appliance

Detailed Steps

Why a Microsoft Kerberos Constrained Delegation Solution

Many organizations want to authenticate their Clientless VPN users and extend their authentication
credentials seamlessly to web-based resources using authentication methods beyond what the ASA SSO
feature can offer today. With the growing demand to authenticate remote access users with Smart Cards

Command

Purpose

Step 1

show import webvpn plug

Example:

hostname# show import webvpn plug

ssh

rdp

vnc

ica

Lists the Java-based client applications available to
users of clientless SSL VPN.

Step 2

show import webvpn plug detail

Example:

hostname show import webvpn plug

post GXN2BIGGOAOkBMibDQsMu2GWZ3Q= Tues, 29 Apr 2008

19:57:03 GMT

rdp fHeyReIOUwDCgAL9HdTs PnjdBoo= Tues, 15 Sep 2009

23:23:56 GMT

rdp2 shw8c22T2SsILLk6zyCd6H6VOz8= Wed, 11 Feb 2009

21:17:54 GMT

Includes hash and date of the plug-in.