Configuring content transformation – Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 74 Configuring Clientless SSL VPN

Optimizing Clientless SSL VPN Performance

Detailed Steps

         Command               Purpose
Step 1   webvpn                Switches to webvpn configuration mode.
Step 2   disable               Disables caching.
Step 3   expiry-time           Configures an expiration time for caching objects.
Step 4   lmfactor              Configures terms for revalidating cached objects.
Step 5   max-object-size       Sets a maximum size for objects to cache.
Step 6   min-object-size       Sets a minimum size for objects to cache.
Step 7   cache-static-content  Caches all cacheable web objects, content not subject to
                               rewriting. Examples include images and PDF files.

Configuring Content Transformation

By default, the ASA processes all clientless SSL VPN traffic through a content transformation/rewriting
engine that includes advanced elements such as JavaScript and Java to proxy HTTP traffic that may have
different semantics and access control rules depending on whether the user is accessing an application
within or independently of an SSL VPN device.

Some web resources require highly individualized treatment. The following sections describe
functionality that provides such treatment:

- Configuring a Certificate for Signing Rewritten Java Content
- Disabling Content Rewrite
- Using Proxy Bypass
- Configuring Application Profile Customization Framework

Subject to the requirements of your organization and the web content involved, you might use one of
these features.

Configuring a Certificate for Signing Rewritten Java Content

Java objects that have been transformed by clientless SSL VPN can subsequently be signed using a
PKCS12 digital certificate associated with a trustpoint.