1-42
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Clientless SSL VPN
Configuring Browser Access to Plug-ins
Providing Access to a Citrix XenApp Server
As an example of how to provide clientless SSL VPN browser access to third-party plug-ins, this section
describes how to add clientless SSL VPN support for the Citrix XenApp Server Client.
With a Citrix plug-in installed on the ASA, clientless SSL VPN users can use a connection to the ASA
to access Citrix XenApp services.
A stateful failover does not retain sessions established using the Citrix plug-in. Citrix users must
reauthenticate after failover.
To provide access to the Citrix plug-in, follow the procedures in the following sections.
• Preparing the Citrix XenApp Server for Clientless SSL VPN Access
• Creating and Installing the Citrix Plug-in
Preparing the Citrix XenApp Server for Clientless SSL VPN Access
You must configure the Citrix Web Interface software to operate in a mode that does not use the (Citrix)
“secure gateway.” Otherwise, the Citrix client cannot connect to the Citrix XenApp Server.
Note If you are not already providing support for a plug-in, you must follow the instructions in the“Preparing
the Security Appliance for a Plug-in” section on page 1-39 before using this section.
Creating and Installing the Citrix Plug-in
To create and install the Citrix plug-in, perform the following steps:
Command Purpose
Step 1
import webvpn plug-in protocol [ rdp | rdp2 |
ssh,telnet | vnc ]
URL
Example:
hostname# import webvpn plug-in protocol ssh,telnet
tftp://local_tftp_server/plugins/ssh-plugin.jar
Accessing
tftp://local_tftp_server/plugins/ssh-plugin.jar...!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Writing file disk0:/csco_config/97/plugin/ssh...
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
238510 bytes copied in 3.650 secs (79503 bytes/sec)
Installs the plug-in onto the flash device of the ASA.
protocol is one of the following values: ssh,telnet
provides plug-in access to both Secure Shell and
Telnet services.
Note Do not enter this command once for SSH
and once for Telnet. When typing the
ssh,telnet string, do not insert a space.
URL is the remote path to the plug-in .jar file. Enter
the host name or address of the TFTP or FTP server
and the path to the plug-in.
Step 2
Use the following command to revert the plug-in:
revert webvpn plug-in protocol protocol
Example:
hostname# revert webvpn plug-in protocol rdp
Disables and removes clientless SSL VPN support
for a plug-in, as well as removing it from the flash
drive of the ASA.
To Next Page
Loading...
Need help?
General
