Filter
Top Products
30-44
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with SSL and IKEv2 IPSec VPN Policies
If you do not want some applications and web resources, such as public web sites, to go through the
security appliance, you can create rewrite rules that permit users to browse certain sites and applications
without going through the security appliance itself. This is similar to split tunneling in an IPsec VPN
connection.
In the Content Rewrite tab of the SSL VPN Other Settings page, you can configure multiple content
rewrite rules. The Content Rewrite tab lists all applications for which content rewrite is enabled or
disabled.
Tip The security appliance searches rewrite rules by order number, starting with the lowest, and applies the
first rule that matches.
This procedure shows you how to create or edit content rewrite rules.
Related Topics
• Configuring Other SSL VPN Settings (ASA), page 30-41
Step 1 Do one of the following:
• (Device view) With an ASA device selected, select Remote Access VPN > SSL VPN > Other
Settings from the Policy selector.
• (Policy view) Select Remote Access VPN > SSL VPN > Other Settings (ASA) from the Policy
Type selector. Select an existing policy or create a new one.
Step 2 On the Other Settings page, click the Content Rewrite tab. The Content Rewrite tab displays all
applications for which content rewrite is enabled or disabled.
The security appliance searches rewrite rules by order number, starting with the lowest, and applies the
first rule that matches. The resource mask defines the application string to which the rule is matched.
If a rule does not have a number, it is evaluated after all of the numbered rules.
Step 3 Do any of the following:
• To add a rule, click the Add Row button beneath the table and fill in the Add Content Rewrite dialog
box. The options are described in detail in Add/Edit Content Rewrite Dialog Box, page 30-44.
• To edit a rule, select it, click the Edit Row button, and make your changes in the Edit Content
Rewrite dialog box.
• To delete a rule, select it and click the Delete Row button. You are asked to confirm the deletion.
Add/Edit Content Rewrite Dialog Box
Use the Add or Edit Content Rewrite dialog box to configure the rewriting engine that includes advanced
elements such as JavaScript, VBScript, Java, and multi-byte characters to proxy HTTP traffic over a SSL
VPN connection. For more information about content rewrite rules, see Configuring SSL VPN Content
Rewrite Rules (ASA), page 30-43.
Navigation Path
From the Content Rewrite tab of the SSL VPN Other Settings policy for ASA devices, click the Add
Row button, or select a rule and click the Edit Row button. For detailed information on opening the tab,
see Configuring SSL VPN Content Rewrite Rules (ASA), page 30-43.