Cisco ASA 5505 User Manual

74-59

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Detailed Steps

Command

Purpose

Step 1

webvpn

Switches to webvpn configuration mode.

Step 2

smart-tunnel auto-signon

list

[use-domain] {ip

ip-address

[

netmask

]

|

host

hostname-mask}

Use for each server you want to add to the server list

•

list —names the list of remote servers. Use
quotation marks around the name if it includes a
space. The string can be up to 64 characters. The
ASA creates the list if it is not already present in
the configuration. Otherwise, it adds the entry to
the list. Assign a name that will help you to
distinguish.

•

use-domain (optional)—Adds the Windows
domain to the username if authentication
requires it. If you enter this keyword, be sure to
specify the domain name when assigning the
smart tunnel list to one or more group policies,
or usernames.

•

ip—Specifies the server by its IP address and
netmask.

•

ip-address[netmask]—Identifies the
sub-network of hosts to auto-authenticate to.

•

host—Specifies the server by its host name or
wildcard mask. Using this option protects the
configuration from dynamic changes to IP
addresses.

•

hostname-mask—Specifies which host name or
wildcard mask to auto-authenticate to.

Step 3

(Optional)

[no] smart-tunnel auto-signon

list

[use-domain] {ip

ip-address

[

netmask

]

|

host

hostname-mask}

Removes an entry from the list of servers, specifying
both the list and IP address or hostname as it appears
in the ASA configuration.

Step 4

show running-config webvpn smart-tunnel

Displays the smart tunnel auto sign-on list entries.

Step 5

config-webvpn

Switches to config-webvpn configuration mode.

Step 6

smart-tunnel auto-signon HR use-domain ip

192.32.22.56 255.255.255.0

Adds all hosts in the subnet and adds the Windows
domain to the username if authentication requires it.

Step 7

(Optional)

no smart-tunnel auto-signon HR use-domain ip

192.32.22.56 255.255.255.0

Removes that entry from the list and the list named
HR if the entry removed is the only entry in the list.

Step 8

no smart-tunnel auto-signon HR

Removes the entire list from the ASA configuration.

Step 9

smart-tunnel auto-signon intranet host

*.exampledomain.com

Adds all hosts in the domain to the smart tunnel auto
sign-on list named intranet.

Step 10

no smart-tunnel auto-signon intranet host

*.exampledomain.com

Removes that entry from the list.