Filter
Top Products
30-51
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Working with SSL and IKEv2 IPSec VPN Policies
When the user in a clientless SSL VPN session clicks the associated menu option on the portal page, the
portal page displays a window to the interface and displays a help pane. The user can select the protocol
displayed in the drop-down menu and enter the URL in the Address field to establish a connection.
Note Some Java plug-ins might report a status of connected or online even when a session to the destination
service is not set up. The open-source plug-in reports the status, not the security appliance.
In the Plug-in tab of the SSL VPN Global Settings page, you can view the currently configured browser
plug-ins for clientless SSL VPN browser access. From this tab, you can create or edit the plug-in files,
as described in the following procedure.
Plug-in Requirements and Restrictions
Clientless SSL VPN must be enabled on the security appliance to provide remote access to the plug-ins.
The minimum access rights required for remote use belong to the guest privilege mode. The plug-ins
automatically install or update the Java version required on the remote computer. A stateful failover does
not retain sessions established using plug-ins. Users must reconnect following a failover.
Before installing a plug-in, prepare the security appliance as follows:
• Make sure clientless SSL VPN is enabled on an interface on the security appliance.
• Install an SSL certificate onto the security appliance interface to which remote users use a
fully-qualified domain name (FQDN) to connect.
Note Do not specify an IP address as the common name (CN) for the SSL certificate. The remote
user attempts to use the FQDN to communicate with the security appliance. The remote PC
must be able to use DNS or an entry in the System32\drivers\etc\hosts file to resolve the
FQDN.
Related Topics
• Understanding and Managing SSL VPN Support Files, page 29-5
• Configuring Other SSL VPN Settings (ASA), page 30-41
Step 1 Do one of the following:
• (Device view) With an ASA device selected, select Remote Access VPN > SSL VPN > Other
Settings from the Policy selector.
• (Policy view) Select Remote Access VPN > SSL VPN > Other Settings (ASA) from the Policy
Type selector. Select an existing policy or create a new one.
Step 2 On the Other Settings page, click the Plug-in tab. The Plug-in tab lists all configured plug-ins, including
the type of plug-in and the name of the File policy object that defines the actual plug-in file.
Step 3 Do any of the following:
• To add a plug-in, click the Add Row button beneath the table and fill in the Add Plug-In Entry dialog
box as follows:
–
Plug-in—Select the type of plug-in that you are adding:
–
Remote Desktop (RDP) or RDP2—For Remote Desktop Protocol services.
–
Secure Shell (SSH), Telnet—For Secure Shell and Telnet services.
–
VNC—For Virtual Network Computing services.