30-47
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with SSL and IKEv2 IPSec VPN Policies
– CIFS Server IP, CIFS Server Host—Select one of these options to specify the CIFS server
either by IP address or hostname. If you select IP address, you can either enter the IP address
or the name of a network/host object that specifies one or more individual IP addresses.
If you specify a hostname, the security appliance retains the case you specify, although it
ignores the case when matching the name to a server.
– Encoding Type—Select the encoding type. The options are the same as for the global setting
described above.
• To edit a rule, select it, click the Edit Row button, and make your changes in the Edit File Encoding
dialog box.
• To delete a rule, select it and click the Delete Row button. You are asked to confirm the deletion.
Configuring SSL VPN Proxies and Proxy Bypass (ASA)
Use the Proxy tab of the SSL VPN Other Settings page to configure the security appliance to terminate
HTTPS connections and forward HTTP/HTTPS requests to HTTP and HTTPS proxy servers. On this
tab, you can also configure the security appliance to perform minimal content rewriting and to specify
the types of content to rewrite—external links, XML, or neither.
The security appliance can terminate HTTPS connections and forward HTTP/HTTPS requests to HTTP
and HTTPS proxy servers. These servers act as intermediaries between users and the Internet. Requiring
all Internet access through a server you control provides another opportunity for filtering to assure secure
Internet access and administrative control.
Note: The HTTP/HTTPS proxy does not support connections to personal digital assistants.
You can specify a proxy auto-configuration (PAC) file to download from an HTTP proxy server;
however, you cannot use proxy authentication when specifying the PAC file.
You can configure the security appliance to use proxy bypass when applications and web resources work
better with the content rewriting this feature provides. Proxy bypass is an alternative method of content
rewriting that makes minimal changes to the original content. It is useful with custom web applications.
You can configure multiple proxy bypass entries. The order in which you configure them is unimportant.
The interface and path mask or interface and port uniquely identify a proxy bypass rule.
If you configure proxy bypass using ports rather than path masks, depending on your network
configuration, you might need to change your firewall configuration to allow these ports access to the
security appliance. Use path masks to avoid this restriction. Be aware, however, that path masks can
change, so you might need to use multiple path mask statements to exhaust the possibilities.
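The following audit sketch is an added example, not part of the Cisco guide or of Security Manager. It checks a proxy policy against the constraints described above: no proxy authentication with a PAC file, rule uniqueness by interface plus path mask or port, and port-based rules that call for a firewall review. The dictionary layout and field names are hypothetical, the sample values are constructed, and the requirement that a rule carries exactly one of port or path mask is an assumption of this data model.

```python
from collections import Counter

# Constructed sample policy; field names are hypothetical, not a Security Manager export.
SAMPLE_POLICY = {
    "pac_url": "http://proxy.example.test/proxy.pac",
    "proxy_username": "svc-proxy",  # conflicts with pac_url
    "proxy_bypass": [
        {"interface": "outside", "path_mask": "/app1/*"},
        {"interface": "outside", "path_mask": "/app1/*"},  # duplicate identity
        {"interface": "outside", "port": 20001},
        {"interface": "dmz", "port": 20001},  # same port, other interface: distinct
    ],
}

def audit_proxy_policy(policy):
    """Return (severity, message) findings for one SSL VPN proxy policy."""
    findings = []
    # A PAC file cannot be combined with proxy authentication.
    if policy.get("pac_url") and policy.get("proxy_username"):
        findings.append(("error", "PAC file cannot be combined with proxy authentication"))
    keys = Counter()
    for rule in policy.get("proxy_bypass", []):
        iface, port, mask = rule.get("interface"), rule.get("port"), rule.get("path_mask")
        # Assumption of this example: each rule uses a port or a path mask, not both.
        if (port is None) == (not mask):
            findings.append(("error", f"{iface}: set exactly one of port or path mask"))
            continue
        # Identity of a rule: interface + port, or interface + path mask.
        key = (iface, "port", port) if port is not None else (iface, "path_mask", mask)
        keys[key] += 1
        # Port-based rules may need a firewall change so the port reaches the appliance.
        if port is not None and keys[key] == 1:
            findings.append(("review", f"{iface}: check that the firewall allows port {port}"))
    for (iface, kind, value), count in keys.items():
        if count > 1:
            findings.append(("error", f"{iface}: {count} rules share {kind} {value}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_proxy_policy(SAMPLE_POLICY):
        print(f"{severity.upper():6} {message}")
```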
This procedure shows you how to define proxies and proxy bypass rules for your SSL VPN.
Related Topics
• Configuring Other SSL VPN Settings (ASA), page 30-41
Step 1 Do one of the following:
• (Device view) With an ASA device selected, select Remote Access VPN > SSL VPN > Other
Settings from the Policy selector.