User Guide for Cisco Security Manager 4.4
Chapter 33 Configuring Policy Objects for Remote Access VPNs
Add and Edit Smart Tunnel Auto Signon List Dialog Boxes
Use the Add and Edit Smart Tunnel Auto Signon Lists dialog boxes to create, copy, and edit SSL VPN
smart tunnel auto sign-on objects.
Smart Tunnel Auto Sign-on is a single sign-on method for Clientless SSL VPN users. It passes the login
credentials (username and password) to internal servers for authentication using NTLM authentication,
HTTP Basic authentication, or both. Smart Tunnel Auto Sign-on is supported on ASA 5500 devices
running software version 7.1(1) and later.
An SSL VPN smart tunnel auto sign-on list object identifies the servers for which to automate the
submission of login credentials during smart tunnel setup. You can configure the clientless settings of
an ASA group policy with a smart tunnel auto sign-on list if you want to reissue the user credentials
when the user establishes a smart tunnel connection to a server. For an explanation of the types of
applications that support smart tunnel access, see Configuring SSL VPN Smart Tunnels for ASA
Devices, page 30-73.
Table 33-40 Add and Edit Smart Tunnel Entry Dialog Boxes (Continued)
Element: Hash Value
Description:
(Optional) The hash value for the application. By specifying a hash value, you can ensure that the
user does not rename another application to use a supported filename and thus start an unsupported
and undesired application over the smart tunnel.
To obtain the hash value, run the application's executable file through a utility that calculates a
hash using the SHA-1 algorithm. One example of such a utility is the Microsoft File Checksum
Integrity Verifier (FCIV), which is available at http://support.microsoft.com/kb/841290/. Place a
temporary copy of the application to be hashed on a path that contains no spaces (for example,
c:\temp) and then enter fciv.exe -sha1 application at the command line (for example,
fciv.exe -sha1 c:\msimn.exe) to display the SHA-1 hash. Copy and paste the value into this field.
The SHA-1 hash is always 40 hexadecimal characters. Before authorizing an application for smart
tunnel access, clientless SSL VPN calculates the hash of the application matching the App Name. It
qualifies the application for smart tunnel access if the result matches the value of hash.
Because the checksum varies with each version or patch of an application, the hash you enter can
match only one version or patch on the remote host. To specify a hash for more than one version of
an application, create a unique smart tunnel entry for each hash value.
Tip: Hash values require maintenance. You must update the smart tunnel list if you want to support
future versions or patches of an application for which you supply a hash value. A sudden problem
with smart tunnel access might be an indication that the application list containing hash values is
not up to date with an application upgrade. You can avoid this problem by not entering a hash.
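The following Python script is an added example, not part of the Cisco guide or of Security Manager. It computes the SHA-1 of an executable in the form the Hash Value field expects and checks a list of pinned hashes against the installed binary, which is the maintenance check the Tip describes; the entry names, the (name, hash) representation, and the case-insensitive comparison are assumptions of this script.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SHA1_HEX = re.compile(r"[0-9a-f]{40}")  # a SHA-1 digest is always 40 hex characters


def sha1_of_file(path, chunk_size=1 << 16):
    """Return the SHA-1 of a file as lowercase hex, reading it in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_entries(entries, binary_path):
    """Classify each (entry_name, hash_or_None) against the binary now installed.

    Returns (per-entry statuses, whether any entry would qualify the binary).
    Hashes are compared case-insensitively (a choice made by this script).
    """
    current = sha1_of_file(binary_path)
    statuses = {}
    for name, pinned in entries:
        value = (pinned or "").strip().lower()
        if not value:
            statuses[name] = "unpinned"        # no hash entered: only the name is checked
        elif not SHA1_HEX.fullmatch(value):
            statuses[name] = "malformed"       # truncated or mistyped paste
        elif value == current:
            statuses[name] = "current"
        else:
            statuses[name] = "other-version"   # hash of a different version or patch
    qualifies = any(s in ("unpinned", "current") for s in statuses.values())
    return statuses, qualifies


if __name__ == "__main__":
    # Constructed sample: a stand-in "executable" and two entries for it.
    with tempfile.TemporaryDirectory() as tmp:
        exe = Path(tmp) / "sample app.exe"     # hashlib has no issue with spaces in the path
        exe.write_bytes(b"abc")
        entries = [
            ("sample-v1", "0" * 40),            # constructed hash standing in for an older build
            ("sample-v2", sha1_of_file(exe).upper()),
        ]
        print(audit_entries(entries, exe))
```

If every entry for an application reports other-version after an upgrade, the list needs a new entry carrying the new build's hash.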