1-6
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Clientless SSL VPN
Clientless SSL VPN Server Certificate Verification
Figure 1-2 Same URL Rewritten by Security Appliance and displayed on the Browser Window
Disabling URL Entry on the Portal Page
The portal page is the page that opens when the user establishes a browser-based connection. Follow
these steps to disable the URL entry on the portal page.
Prerequisites
• Configure a group policy for all users who need clientless SSL VPN access, and enable clientless
SSL VPN only for that group policy.
Detailed Steps
Clientless SSL VPN Server Certificate Verification
When connecting to a remote SSL-enabled server through clientless SSL VPN, it is important to know
that you can trust the remote server, and that it is in fact the server you are trying to connect to. ASA 9.0
introduces support for SSL server certificate verification against a list of trusted certificate authority
(CA) certificates for clientless SSL VPN.
When you connect to a remote server via a web browser using the HTTPS protocol, the server will
provide a digital certificate signed by a CA to identify itself. Web browsers ship with a collection of CA
certificates which are used to verify the validity of the server certificate. This is a form of public key
infrastructure (PKI).
Just as browsers provide certificate management facilities, so does the ASA in the form of trusted
certificate pool management facility: trustpools. This can be thought of as a special case of trustpoint
representing multiple known CA certificates. The ASA includes a default bundle of certificates, similar
to that provided with web browsers, but it is inactive until activated by the administrator by issuing the
crypto ca import default command.
Command Purpose
Step 1
webvpn
Switches to group policy webvpn configuration
mode.
Step 2
url-entry
Controls the ability of the user to enter any
HTTP/HTTP URL.
Step 3
(Optional) url-entry disable
Disables URL entry.
To Next Page
Loading...
Need help?
General
