1-32
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Clientless SSL VPN
Accessing Virtual Desktop Infrastructure (VDI)
The CSCO_WEBVPN_MACRO1 macro substitution with RADIUS is performed by VSA#223 (see
Table 1-2).
A value such as www.cisco.com/email dynamically populates a bookmark on the Clientless SSL
VPN portal, such as https://CSCO_WEBVPN_MACRO1 or https://CSCO_WEBVPN_MACRO2
for the particular DAP or group policy.
• CSCO_WEBVPN_MACRO2 —set with RADIUS-LDAP Vendor Specific Attribute (VSA). If you
are mapping from LDAP with an ldap-attribute-map command, use the
WebVPN-Macro-Substitution-Value2 Cisco attribute for this macro. See the Active Directory
ldap-attribute-mapping examples at
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ref_extserver.html#wp1572118.
The CSCO_WEBVPN_MACRO2 macro substitution with RADIUS is performed by VSA#224 (see
Table 1-2).
Each time clientless SSL VPN recognizes one of these six strings in an end-user request (in the form of
a bookmark or Post Form), it replaces the string with the user-specified value and then passes the request
to a remote server.
If the lookup of the username and password fails on the ASA, an empty string is substituted, and the
behavior converts back as if no auto sign-in is available.
Note
Accessing Virtual Desktop Infrastructure (VDI)
In a VDI model, administrators publish enterprise applications or desktops pre-loaded with enterprise
applications, and end users remotely access these applications. These virtualized resources appear just
as any other resources, such as email, so that users do not need to go through a Citrix Access Gateway
to access them. Users log onto the ASA using Citrix Receiver mobile client, and the ASA connects to a
pre-defined Citrix XenApp or XenDesktop Server. The administrator must configure the Citrix server’s
address and logon credentials under Group Policy so that when users connect to their Citrix Virtualized
resource, they enter the ASA’s SSL VPN IP address and credentials instead of pointing to the Citrix
Server’s address and credentials. When the ASA has verified the credentials, the receiver client starts to
retrieve entitled applications through the ASA.
Supported Mobile Devices
• iPad—Citrix Receiver version 4.x or later
• iPhone/iTouch—Citrix Receiver version 4.x or later
• Android 2.x/3.x/4.0/4.1 phone—Citrix Receiver version 2.x or later
• Android 4.0 phone—Citrix Receiver version 2.x or later
Table 1-2 VSA#223
WebVPN-Macro-Value1 Y 223 String Single Unbounded
WebVPN-Macro-Value2 Y 224 String Single Unbounded
To Next Page
Loading...
Need help?
General
