Chapter 37
Configuring Clientless SSL VPN
Understanding Features Not Supported in Clientless SSL VPN
The security appliance does not support the following features for clientless SSL VPN connections:
• Inspection features under the Modular Policy Framework, inspecting configuration control.
• Functionality the filter configuration commands provide, including the vpn-filter command.
• NAT, reducing the need for globally unique IP addresses.
• PAT, permitting multiple outbound sessions to appear to originate from a single IP address.
• QoS, rate limiting using the police command and priority-queue command.
• Connection limits, checking either via the static or the Modular Policy Framework set connection command.
• The established command, allowing return connections from a lower security host to a higher security host if there is already an established connection from the higher level host to the lower level host.

Using SSL to Access the Central Site
Clientless SSL VPN uses SSL and its successor, TLS1, to provide a secure connection between remote users and specific, supported internal resources at a central site. This section includes the following topics:
• Using HTTPS for Clientless SSL VPN Sessions
• Configuring Clientless SSL VPN and ASDM Ports
• Configuring Support for Proxy Servers
• Configuring SSL/TLS Encryption Protocols

Using HTTPS for Clientless SSL VPN Sessions
Establishing clientless SSL VPN sessions requires the following:
• Enabling clientless SSL VPN sessions on the security appliance interface that users connect to.
• Using HTTPS to access the security appliance or load balancing cluster. In a web browser, users enter the security appliance IP address in the format https://address, where address is the IP address or DNS hostname of the security appliance interface.

To permit clientless SSL VPN sessions on an interface, perform the following steps:
Step 1  In global configuration mode, enter the webvpn command to enter webvpn mode.
Step 2  Enter the enable command with the name of the interface that you want to use for clientless SSL VPN sessions.

For example, to enable clientless SSL VPN sessions on the interface called outside, enter the following:
hostname(config)# webvpn
hostname(config-webvpn)# enable outside

OL-12172-03
Cisco Security Appliance Command Line Configuration Guide