1-55
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Clientless SSL VPN
Configuring Application Access
Configuring and Applying Smart Tunnel Policy
The smart tunnel policy requires a per group policy/username configuration. Each group
policy/username references a globally configured list of networks. When the smart tunnel is turned on,
you can allow traffic outside of the tunnel with the use of 2 CLIs: one configures the network (a set of
hosts), and the other uses the specified smart-tunnel network to enforce a policy on a user. The following
commands create a list of hosts to use for configuring smart tunnel policies:
Detailed Steps
Command Purpose
Step 1
smart-tunnel auto-start list
OR
smart-tunnel enable list
OR
smart-tunnel disable
OR
no smart-tunnel [auto-start list | enable list |
disable]
Starts smart tunnel access automatically upon user
login.
Enables smart tunnel access upon user login, but
requires the user to start smart tunnel access
manually, using the Application Access > Start
Smart Tunnels button on the clientless SSL VPN
portal page.
Prevents smart tunnel access.
Removes a smart-tunnel command from the group
policy or username configuration, which then
inherits the [no] smart-tunnel command from the
default group-policy. The keywords following the
no smart-tunnel command are optional, however,
they restrict the removal to the named smart-tunnel
command.
Step 2
Refer to Automating Smart Tunnel Access for the option you
want to use.
Command Purpose
Step 1
webvpn
Switches to webvpn configuration mode.
Step 2
[no] smart-tunnel network <network name> ip <ip>
<netmask>
Creates a list of hosts to use for configuring smart
tunnel policies. <network name> is the name to
apply to the tunnel policy. <ip> is the IP address of
the network. <netmask> is the netmask of the
network.
To Next Page
Loading...
Need help?
General