Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Detailed Steps

Configuring and Applying a Smart Tunnel Tunnel Policy

Like the split tunnel configuration in SSL VPN client, the smart tunnel tunnel policy is a per
group-policy/username configuration. Each group policy/username references a globally configured list
of networks:

Detailed Steps

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: [no] smart-tunnel network <network name> ip <ip> <netmask>
Purpose: Creates a list of hosts to use for configuring smart tunnel policies. <network name> is the name to apply to the tunnel policy. <ip> is the IP address of the network. <netmask> is the netmask of the network.

Step 3
Command: [no] smart-tunnel network <network name> host <host mask>
Purpose: Establishes the hostname mask, such as *.cisco.com.

Step 4
Command: [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
OR
[no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
Purpose: Applies smart tunnel policies to a particular group or user policy. <network name> is a list of networks to be tunneled. tunnelall makes everything tunneled (encrypted). tunnelspecified tunnels only networks specified by network name. excludespecified tunnels only networks that are outside of the networks specified by network name.

Step 1
Command: webvpn
Purpose: Switches to webvpn configuration mode.

Step 2
Command: config-group-webvpn
Purpose: Switches to config-group-webvpn configuration mode.

Step 3
Command: [no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
OR
[no] smart-tunnel tunnel-policy ((excludespecified | tunnelspecified) <network name> | tunnelall)
Purpose: References a globally configured list of networks. <network name> is a list of networks to be tunneled. tunnelall makes everything tunneled (encrypted). tunnelspecified tunnels only networks specified by network name. excludespecified tunnels only networks that are outside of the networks specified by network name.
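
The following Python sketch is an added example, not code from the Cisco guide: it models how the three tunnel-policy keywords described above decide whether a destination is tunneled, using a network list parsed from the command syntax shown in the steps. The list name corp, the 10.5.2.0 network, and the shell-style, case-insensitive matching of host masks are assumptions made for illustration; the ASA's own matching rules are not described on this page.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample lines in the command syntax shown in the steps above.
SAMPLE = """\
smart-tunnel network corp ip 10.5.2.0 255.255.255.0
smart-tunnel network corp host *.cisco.com
"""

def parse_networks(text):
    """Collect 'smart-tunnel network <name> ip|host ...' lines into named lists."""
    lists = {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["smart-tunnel", "network"] or len(tok) < 5:
            continue
        name, kind = tok[2], tok[3]
        if kind == "ip" and len(tok) == 6:
            entry = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
        elif kind == "host" and len(tok) == 5:
            entry = tok[4].lower()  # assumption: masks compare case-insensitively
        else:
            continue
        lists.setdefault(name, []).append(entry)
    return lists

def in_list(dest, entries):
    """True if dest (IP literal or hostname) matches any entry in the list."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    for e in entries:
        if isinstance(e, str):
            if addr is None and fnmatchcase(dest.lower(), e):
                return True
        elif addr is not None and addr in e:
            return True
    return False

def is_tunneled(policy, dest, entries=()):
    """Apply the three tunnel-policy keywords to one destination."""
    if policy == "tunnelall":
        return True
    if policy == "tunnelspecified":
        return in_list(dest, entries)
    if policy == "excludespecified":
        return not in_list(dest, entries)
    raise ValueError(f"unknown tunnel-policy keyword: {policy}")
```

Under excludespecified, every destination that matches the list bypasses the tunnel, so review the list contents before applying that keyword to a group or user policy.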
