Logging off smart tunnel, When its parent process terminates, Configuring smart tunnel access – Cisco ASA 5505 User Manual

74-63

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Configuring Application Access

Logging Off Smart Tunnel

This section describes how to ensure that the smart tunnel is properly logged off. Smart tunnel can be
logged off when all browser windows have been closed, or you can right click the notification icon and
confirm log out.

Note

We strongly recommend the use of the logout button on the portal. This method pertains to clientless
SSL VPNs and logs off regardless of whether smart tunnel is used or not. The notification icon should
be used only when using standalone applications without the browser.

When Its Parent Process Terminates

This practice requires the closing of all browsers to signify log off. The smart tunnel lifetime is now tied
to the starting process lifetime. For example, if you started a smart tunnel from Internet Explorer, the
smart tunnel is turned off when no iexplore.exe is running. Smart tunnel can determine that the VPN
session has ended even if the user closed all browsers without logging out.

Note

In some cases, a lingering browser process is unintentional and is strictly a result of an error.
Also, when a Secure Desktop is used, the browser process can run in another desktop even if the
user closed all browsers within the secure desktop. Therefore, smart tunnel declares all browser
instances gone when no more visible windows exist in the current desktop.

Step 4

show running-config webvpn

Shows the smart tunnel list entries in the SSL VPN
configuration.

Step 5

(Optional)

no smart-tunnel

Removes the smart-tunnel command from the group
policy or local user policy and reverts to the default
group-policy.

Step 6

(Optional)

smart-tunnel disable

Disables smart tunnel access.

Command

Purpose