Configuring and applying smart tunnel policy – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Start smart tunnel access automatically upon user login.

Enable smart tunnel access upon user login, but require the user to start it manually, using the
Application Access > Start Smart Tunnels button on the clientless SSL VPN Portal Page.

Restrictions

These options are mutually exclusive for each group policy and username. Use only one.

The following smart tunnel commands are available to each group policy and username. The
configuration of each group policy and username supports only one of these commands at a time, so
when you enter one, the ASA replaces the one present in the configuration of the group policy or
username in question with the new one, or in the case of the last command, simply removes the
smart-tunnel command already present in the group policy or username.
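
The replace, remove and inherit behavior of these commands can be checked offline before a change is pushed. The Python script below is an added example, not part of the Cisco guide: it replays a constructed command sequence and reports the effective smart tunnel setting for each group policy and username. Assumptions: the policy, user and list names are made up, a no form with keywords is treated as a no-op when it names a different command, and every entry without a command inherits directly from the default group policy (DfltGrpPolicy).

```python
import re

DEFAULT_POLICY = "DfltGrpPolicy"  # ASA's built-in default group policy
HEADER = re.compile(r"^(group-policy|username)\s+(\S+)\s+attributes$")
CMD = re.compile(r"^(no\s+)?smart-tunnel(?:\s+(auto-start|enable|disable)(?:\s+(\S+))?)?$")

# Constructed command sequence for illustration (not from a real device).
SAMPLE = """\
group-policy DfltGrpPolicy attributes
 webvpn
  smart-tunnel disable
group-policy Sales attributes
 webvpn
  smart-tunnel enable apps1
  smart-tunnel auto-start apps1
group-policy Contractors attributes
 webvpn
  smart-tunnel enable apps1
  no smart-tunnel auto-start apps1
  no smart-tunnel
username alice attributes
 webvpn
  smart-tunnel auto-start apps1
"""

def replay(commands):
    """Replay entered commands; return {(kind, name): (mode, list) or None}."""
    state, current = {}, None
    for raw in commands.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.groups()
            state.setdefault(current, None)
        elif raw and not raw[0].isspace():
            current = None  # any other top-level command leaves the block
        elif current and (cmd := CMD.match(line)):
            negated, mode, lst = cmd.groups()
            if not negated and mode:
                state[current] = (mode, lst)  # new command replaces the old one
            elif negated and (mode is None or state[current] == (mode, lst)):
                state[current] = None  # keywords restrict what gets removed
    return state

def effective(state):
    """Entries without a smart-tunnel command inherit the default group policy's."""
    default = state.get(("group-policy", DEFAULT_POLICY))
    return {key: (own, "own") if own else (default, "inherited")
            for key, own in state.items()}

if __name__ == "__main__":
    for (kind, name), (setting, source) in effective(replay(SAMPLE)).items():
        print(kind, name, setting, source)
```

Entries reported as auto-start start tunnelling the listed applications at login without user action, so they are the ones to review against the intended access policy.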

Detailed Steps

Step 1

Command: smart-tunnel auto-start list
Purpose: Starts smart tunnel access automatically upon user login.

OR

Command: smart-tunnel enable list
Purpose: Enables smart tunnel access upon user login, but requires the user to start smart tunnel
access manually, using the Application Access > Start Smart Tunnels button on the clientless SSL
VPN portal page.

OR

Command: smart-tunnel disable
Purpose: Prevents smart tunnel access.

OR

Command: no smart-tunnel [auto-start list | enable list | disable]
Purpose: Removes a smart-tunnel command from the group policy or username configuration, which then
inherits the [no] smart-tunnel command from the default group-policy. The keywords following the
no smart-tunnel command are optional; however, they restrict the removal to the named smart-tunnel
command.

Step 2

Refer to the section that addresses the option you want to use.

Configuring and Applying Smart Tunnel Policy

The smart tunnel policy requires a per group policy/username configuration. Each group
policy/username references a globally configured list of networks. When the smart tunnel is turned on,
you can allow traffic outside of the tunnel by using two CLI commands: one configures the network (a
set of hosts), and the other uses the specified smart-tunnel network to enforce a policy on a user. The
following commands create a list of hosts to use for configuring smart tunnel policies:
