30-50
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with SSL and IKEv2 IPSec VPN Policies
Configuring SSL VPN Browser Plug-ins (ASA)
A browser plug-in is a separate program that a web browser invokes to perform a dedicated function,
such as connect a client to a server within the browser window. The security appliance lets you import
plug-ins for download to remote browsers in clientless SSL VPN sessions.
Cisco redistributes the following open-source, Java-based components to be accessed as plug-ins for web
browsers in Clientless SSL VPN sessions. Cisco tests the plug-ins it redistributes, and in some cases,
tests the connectivity of plug-ins we cannot redistribute. These files are available in the
\files\vms\repository folder in the product installation folder (usually C:\Program Files\CSCOpx) on the
Security Manager server. The actual file names include release numbers:
• rdp-plugin.jar—The Remote Desktop Protocol plug-in lets the remote user connect to a computer
running Microsoft Terminal Services. The web site containing the source of the redistributed plug-in
is http://properjavardp.sourceforge.net/.
• ssh-plugin.jar—The Secure Shell-Telnet plug-in lets the remote user establish a Secure Shell or
Telnet connection to a remote computer. The web site containing the source of the redistributed
plug-in is http://javassh.org/.
Note The ssh-plugin.jar provides support for both SSH and Telnet protocols. The SSH client
supports SSH Version 1.0.
• vnc-plugin.jar—The Virtual Network Computing plug-in lets the remote user use a monitor,
keyboard, and mouse to view and control a computer with remote desktop sharing turned on. The
web site containing the source of the redistributed plug-in is http://www.tightvnc.com.
Note Per the GNU General Public License (GPL), Cisco redistributes plug-ins without having made any
changes to them. Per the GPL, Cisco cannot directly enhance these plug-ins.
The security appliance does the following when you install a plug-in onto the flash device:
• (Cisco-distributed plug-ins only) Unpacks the jar file specified in the URL.
• Writes the file to the csco-config/97/plugin directory on the security appliance file system.
• Enables the plug-in for all future clientless SSL VPN sessions, and adds a main menu option and an
option to the drop-down menu next to the Address field of the portal page.
URL Select the http or https protocol, then enter a URL to which you want
to apply proxy bypass.
URLs used for proxy bypass allow a maximum of 128 bytes. The port
for HTTP is 80 and for HTTPS it is 443, unless you specify another
port.
Rewrite XML Whether to rewrite XML sites and applications to be bypassed by the
security appliance.
Rewrite Hostname Whether to rewrite external links to be bypassed by the security
appliance.
Table 30-19 Add or Edit Proxy Bypass Dialog Box (Continued)
Element Description