Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Clientless SSL VPN
Clientless SSL VPN Server Certificate Verification
Figure 1-2 Same URL Rewritten by Security Appliance and Displayed on the Browser Window
Disabling URL Entry on the Portal Page
The portal page is the page that opens when the user establishes a browser-based connection. Follow
these steps to disable the URL entry on the portal page.
Prerequisites
• Configure a group policy for all users who need clientless SSL VPN access, and enable clientless SSL VPN only for that group policy.
Detailed Steps
        Command                        Purpose
Step 1  webvpn                         Switches to group policy webvpn configuration mode.
Step 2  url-entry                      Controls the ability of the user to enter any HTTP/HTTPS URL.
Step 3  (Optional) url-entry disable   Disables URL entry.
Clientless SSL VPN Server Certificate Verification
When connecting to a remote SSL-enabled server through clientless SSL VPN, it is important to know that you can trust the remote server, and that it is in fact the server you are trying to connect to. ASA 9.0 introduces support for SSL server certificate verification against a list of trusted certificate authority (CA) certificates for clientless SSL VPN.
When you connect to a remote server via a web browser using the HTTPS protocol, the server provides a digital certificate signed by a CA to identify itself. Web browsers ship with a collection of CA certificates, which are used to verify the validity of the server certificate. This is a form of public key infrastructure (PKI).
Just as browsers provide certificate management facilities, so does the ASA, in the form of a trusted certificate pool management facility: trustpools. A trustpool can be thought of as a special case of a trustpoint that represents multiple known CA certificates. The ASA includes a default bundle of certificates, similar to that provided with web browsers, but it is inactive until the administrator activates it by issuing the crypto ca import default command.
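To check a saved configuration against the url-entry steps on this page, the following added example (not from the Cisco guide) lists group policies that allow clientless SSL VPN but carry no explicit url-entry disable. The sample configuration and policy names are constructed, the indentation layout of the running-config text is an assumption, and values inherited from a default group policy are not resolved.

```python
import re

# Constructed sample shaped like ASA running-config output (not from a real device).
SAMPLE_CONFIG = """\
group-policy ClientlessUsers internal
group-policy ClientlessUsers attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-entry disable
group-policy Contractors attributes
 vpn-tunnel-protocol ssl-clientless
 webvpn
  url-entry enable
group-policy Partners attributes
 vpn-tunnel-protocol ssl-clientless
group-policy IPsecOnly attributes
 vpn-tunnel-protocol ikev1
"""

ATTR_RE = re.compile(r"^group-policy (\S+) attributes\s*$")


def parse_group_policies(config):
    """Map each policy name to its tunnel protocols and explicit url-entry value."""
    policies, current, in_webvpn = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        words = line.split()
        if indent == 0:  # a top-level line opens or closes a policy block
            m = ATTR_RE.match(line)
            current = policies.setdefault(
                m.group(1), {"protocols": set(), "url_entry": None}) if m else None
            in_webvpn = False
        elif current is None:
            continue
        elif indent == 1:  # group-policy attribute level
            in_webvpn = line == "webvpn"
            if words[0] == "vpn-tunnel-protocol":
                current["protocols"].update(words[1:])
        elif in_webvpn and words[0] == "url-entry" and len(words) > 1:
            current["url_entry"] = words[1]  # "enable" or "disable"
    return policies


def audit_url_entry(config):
    """Clientless-enabled policies that lack an explicit 'url-entry disable'."""
    return sorted(name for name, p in parse_group_policies(config).items()
                  if "ssl-clientless" in p["protocols"] and p["url_entry"] != "disable")


if __name__ == "__main__":
    print(audit_url_entry(SAMPLE_CONFIG))
```

A policy listed here may still inherit a disabled setting from its parent policy, so treat the output as a list to review rather than a list of confirmed exposures.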