Cisco ASA 5505 User Manual


74-51

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

On Mac OS, TCP applications that are dynamically linked to the SSL library can work over a
smart tunnel.

Smart tunnel does not support the following on Mac OS:

• Proxy services.

• Auto sign-on.

• Applications that use two-level namespaces.

• Console-based applications, such as Telnet, SSH, and cURL.

• Applications that use dlopen or dlsym to locate libsocket calls.

• Statically linked applications, because their libsocket calls cannot be intercepted.

For Windows, if you want to add smart tunnel access to an application started from the command
prompt, you must specify “cmd.exe” in the Process Name of one entry in the smart tunnel list, and
specify the path to the application itself in another entry, because “cmd.exe” is the parent of the
application.

Mac OS requires the full path to the process, and the path is case-sensitive. To avoid specifying a
separate path for each username, insert a tilde (~) before the partial path (e.g., ~/bin/vnc).

Smart Tunnel and Secure Desktop (Vault) Interoperability

Cisco supports smart tunneling inside a Secure Desktop (Vault) environment on all operating
systems that support Vault. We also support smart tunneling of desktop applications and
browser-based applications.

ASA 8.3 or later is required to perform smart tunneling from an endpoint using IE8 or a 64-bit
Windows operating system.

To implement smart tunneling with IE8, from within a Secure Desktop (Vault), the endpoint must
be connected to a secure gateway running ASA 8.3 or later; in addition, the endpoint must have
Cisco Secure Desktop 3.5 or later installed.

Smart tunneling is not intended to restrict network access to only internal resources.

Adding Applications to Be Eligible for Smart Tunnel Access

The clientless SSL VPN configuration of each ASA supports smart tunnel lists, each of which identifies
one or more applications eligible for smart tunnel access. Because each group policy or username
supports only one smart tunnel list, you must group each set of applications to be supported into a smart
tunnel list.
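The two rules above (one smart tunnel list per group policy, and a separate parent-process entry for applications launched from cmd.exe on Windows) are illustrated in the following configuration fragment. This is an added example, not text from the configuration guide; the list name apps1, the group policy name sales-gp, and the application names and paths are assumed values, and the smart-tunnel list and smart-tunnel enable command syntax is reproduced from memory of the ASA 8.3 webvpn command set rather than from this page.

```cisco
! Added example (not from the guide); list name, group policy name, and paths are assumed.
hostname(config)# webvpn
!
! A console application started from the Windows command prompt needs two
! entries in the SAME list: one for cmd.exe (the parent process) and one for
! the application itself.
hostname(config-webvpn)# smart-tunnel list apps1 CmdPrompt cmd.exe platform windows
hostname(config-webvpn)# smart-tunnel list apps1 WinVNC C:\Program Files\VNC\vncviewer.exe platform windows
!
! Mac OS needs the full, case-sensitive path; the leading tilde (~) stands in
! for each user's home directory so one entry serves every username.
hostname(config-webvpn)# smart-tunnel list apps1 MacVNC ~/bin/vnc platform mac
hostname(config-webvpn)# exit
!
! A group policy references exactly one list, so every application that the
! group's users need must be collected into that single list (apps1 here).
hostname(config)# group-policy sales-gp attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# smart-tunnel enable apps1
```

Keeping all of a group's applications in one list is what the "one list per group policy or username" rule forces; a second `smart-tunnel enable` with a different list name would replace, not extend, the group's eligible applications.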

To add an entry to a list of applications that can use a clientless SSL VPN session to connect to private
sites, enter the following commands:
