37-6
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 37 Configuring WebVPN
Getting Started with WebVPN
• Configuring SSO with HTTP Basic or NTLM Authentication
• Configuring SSO Authentication Using SiteMinder
• Configuring SSO with the HTTP Form Protocol
Configuring SSO with HTTP Basic or NTLM Authentication
This section describes single sign-on with HTTP Basic or NTLM authentication. You can configure the
security appliance to implement SSO using either or both of these methods. The auto-signon command
configures the security appliance to automatically pass WebVPN user login credentials (username and
password) on to internal servers. You can enter multiple auto-signon commands. The security appliance
processes them according to the input order (early commands take precedence). You specify the servers
to receive the login credentials using either IP address and IP mask, or URI mask.
Use the auto-signon command in any of three modes: webvpn configuration, webvpn group-policy
mode, or webvpn username mode. Username supersedes group, and group supersedes global. The mode
you choose depends upon scope of authentication you want:
The following example commands present various possible combinations of modes and arguments.
All Users, IP Address Range, NTLM
To configure auto-signon for all WebVPN users to servers with IP addresses ranging from 10.1.1.0 to
10.1.1.255 using NTLM authentication, for example, enter the following commands:
hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow ip 10.1.1.1 255.255.255.0
auth-type ntlm
All Users, URI Range, HTTP Basic
To configure auto-signon for all WebVPN users, using basic HTTP authentication, to servers defined by
the URI mask https://*.example.com/*, for example, enter the following commands:
hostname(config)# webvpn
hostname(config-webvpn)# auto-signon allow uri https://*.example.com/* auth-type basic
Group, URI Range, HTTP Basic and NTLM
To configure auto-signon for WebVPN users ExamplePolicy group policy, using either basic
or NTLM authentication, to servers defined by the URI mask https://*.example.com/*, for
example, enter the following commands:
hostname(config)# group-policy ExamplePolicy attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# auto-signon allow uri https://*.example.com/* auth-type all
Specific User, IP Address Range, HTTP Basic
To configure auto-signon for a user named Anyuser to servers with IP addresses ranging from 10.1.1.0
to 10.1.1.255 using HTTP Basic authentication, for example, enter the following commands:
Mode Scope
Webvpn configuration All WebVPN users globally
Webvpn group configuration A subset of WebVPN users defined by a group policy
Webvpn username configuration An individual WebVPN user
To Next Page
Loading...
Need help?
General