Filter
Top Products
30-72
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 30 Managing Remote Access VPNs on ASA and PIX 7.0+ Devices
Customizing Clientless SSL VPN Portals
• If you are creating the object for use on an IOS device, enter the title of the bookmark, which is
displayed to users, and the URL. Be careful to select the correct protocol for the URL. Click OK to
add the bookmark to the table of bookmarks.
• If you are creating the object for use on an ASA device, you have many more options. Besides the
title and the URL, you can define a subtitle and image icon for the bookmark plus other options.
Tip If you choose the protocols RDP, SSH, Telnet, VNC, or ICA, you must configure the plug-in for
the protocol in the Remote Access VPN > SSL VPN > Other Settings policy (see Configuring
SSL VPN Browser Plug-ins (ASA), page 30-50).
You can also configure the bookmark to use the Post method rather than the Get method. If you use
Post, you must configure the post parameters by clicking Add Row beneath the Post Parameters
table. For more information on Post parameters, see these topics:
–
Using the Post URL Method and Macro Substitutions in SSL VPN Bookmarks, page 30-72
–
Add and Edit Post Parameter Dialog Boxes, page 33-36
Click OK to add the bookmark to the table of bookmarks.
Step 7 (Optional) Under Category, select a category to help you identify this object in the Objects table. See
Using Category Objects, page 6-12.
Step 8 (Optional) Select Allow Value Override per Device to allow the properties of this object to be redefined
on individual devices. See Allowing a Policy Object to Be Overridden, page 6-18.
Step 9 Click OK to save the object.
Using the Post URL Method and Macro Substitutions in SSL VPN Bookmarks
One of the options you have for configuring bookmarks on an SSL VPN hosted on an ASA device is the
method used by a URL, either Get or Post. The Get method is the standard method; a user clicks the URL
and is taken to the web page. The Post method is useful when processing the data might involve changes
to it, for example, storing or updating data, ordering a product, or sending e-mail.
If you choose the Post URL method, you must configure Post parameters for bookmark entries. Because
these are often personalized resources that contain the user ID and password or other input parameters,
you might need to define clientless SSL VPN macro substitutions.
Clientless SSL VPN macro substitutions let you configure users for access to personalized resources that
contain the user ID and password or other input parameters. Examples of such resources include
bookmark entries, URL lists, and file shares.
Note For security reasons, password substitutions are disabled for file access URLs (cifs://). Also for security
reasons, use caution when introducing password substitutions for web links, especially for non-SSL
instances.
You can use the following macro substitutions:
• Logon Information Substitutions— The security appliance obtains values for these substitutions
from the SSL VPN Logon page. It recognizes these strings in user requests, and replaces them with
the value specific to the user before it passes the request on to a remote server.