Home > Articles > Cisco Network Technology > General Networking > Configuring Cisco ASA Clientless SSL VPN

Configuring Cisco ASA Clientless SSL VPN

Article Description

Sean Wilkins looks at Cisco's Clientless SSL feature, discussing some of the possible actions that it can support and providing the configuration commands that would be used to enable it to function on the Adaptive Security Appliance (ASA) platform.
Internal Website and File Shares

Internal Website and File Shares

By default, there are a number of different options that are enabled without performing more than a few lines of configuration. Some of these options include the ability to access (via SSL) internal websites (HTTP and HTTPS), and file shares (CIFS and FTP).

There are a couple of different ways to disable these options: alter the default group policy to disable these options and/or to create a new group policy and insert specific users into that group, which can be configured to disable this access. Table 3 shows the configuration commands that can be used to alter the default group policy to disable web and file access options.

Table 3: Configure Internal Website and File Share Options

1

Enter the default group policy attribute configuration mode.

asa(config)#group-policy DfltGrpPolicy attributes

2

Enter WebVPN sub-configuration mode.

asa(config-group-policy)#webvpn

3

Disable the ability to enter internal website URLs.

asa(config-group-webvpn)#url-entry disable


OR


3

Disable the ability to enter internal file share URLs.

asa(config-group-webvpn)#file-entry disable


OR


3

Disable the ability browse for internal file shares.

asa(config-group-webvpn)#file-browsing disable

4. Browser Plug-ins | Next Section Previous Section