ASDM Book 3: Cisco ASA Series VPN ASDM Configuration Guide, 7.1

Index

A

AAA server group, add (group-policy) 4-9

Access Control Server 3-29

Accounting tab, tunnel group 4-96

ACE

add/edit/paste 4-38

Extended ACL tab 4-37

ACL

enabling IPSEC authenticated inbound sessions to bypass ACLs 4-108, 4-115

extended 4-37

for Clientless SSL VPN 4-46

standard 4-37

ACL Manager

Add/Edit/Paste ACE 4-38

dialog box 4-36

Active Directory procedures 10-2 to ??

address assignment, client 4-97

Address Pool panel, VPN wizard 2-4

address pools, tunnel group 4-97

Address Translation Exemption panel, VPN wizard 2-6

Advanced tab, tunnel group 4-97

anti-replay window size 3-12

application access

and e-mail proxy 15-7

and Web Access 15-7

configuring client applications 15-6

enabling cookies on browser 15-6

privileges 15-6

quitting properly 15-6

setting up on client 15-6

using e-mail 15-7

with IMAP client 15-7

Application Access Panel, WebVPN 16-2, 18-7

application access using WebVPN

and hosts file errors 19-1

quitting properly 19-2

Application Profile Customization Framework 13-13

ASA 5505

client

Xauth 4-111

Attributes Pushed to Client panel, VPN wizard 2-4

authentication

WebVPN users with digital certificates 16-10

Authentication tab, tunnel group 4-95

Authorization tab, tunnel group 4-95

B

Basic tab

IPSec LAN-to-LAN, General tab 4-100

bookmarks

configuring to access Kerberos 13-13

Browse ICMP 4-41

Browse Other 4-42

Browse Source or Destination Address 4-40

Browse Source or Destination Port 4-40

Browse Time Range 4-35

C

certificate

authentication, e-mail proxy 13-23

Client Address Assignment 4-97

Client Authentication panel, VPN wizard 2-3

Client Firewall tab 4-25

Clientless SSL VPN

client application requirements 15-2

client requirements 15-2

for file management 15-5

for network browsing 15-5

for web browsing 15-4

start-up 15-3

enable cookies for 15-6

printing and 15-3

remote requirements

for port forwarding 15-6

for using applications 15-6

remote system configuration and end-user requirements 15-3

security tips 15-2

supported applications 15-2

supported browsers 15-3

supported types of Internet connections 15-3

URL 15-3

username and password required 15-3

usernames and passwords 15-1

Client Update, edit , Windows and VPN 3002 clients 4-6

Client Update window, Windows and VPN 3002 clients 4-4

configuring ASA

to join Active Directory domain 13-5

configuring bookmarks

to access Kerberos 13-13

configuring DNS 13-4

configuring mobile user security services 4-69

configuring MUS 4-69

customizing the end-user experience

by the security appliance 4-2

D

dead time 13-5

default tunnel gateway 4-6

destination address, browse 4-40

destination port, browse 4-40

Device Pass-Through 4-111

DHCP

addressing, configuring 5-5

digital certificates

authenticating WebVPN users 16-10

disabling content rewrite 13-21

DNS

configuring 13-4

server, configuring 4-12

E

Easy VPN

client

Xauth 4-111

Easy VPN, advanced properties 4-111

Easy VPN client 4-109

Easy VPN Remote 4-109

e-mail

configuring for WebVPN 13-23

proxies, WebVPN 13-23

proxy, certificate authentication 13-23

WebVPN, configuring 13-23

e-mail proxy

and Clientless SSL VPN 15-7

Enable IPSec authenticated inbound sessions 4-108, 4-115

end-user interface, WebVPN, defining 16-1, 18-6

extended ACL 4-37

external group policy, configuring 4-8

F

firewall, client, configuring settings 4-25

firewall server, Zone Labs 4-108

fragmentation policy, IPsec 3-2

G

gateway, default tunnel gateway 4-6

global e-mail proxy attributes 13-23

group policy

external, configuring 4-8

split tunneling attributes 4-13

WINS and DNS servers 4-12

Group Policy window

add or edit, General tab 4-9, 4-29, 4-33

introduction 4-7

IPSec tab, add or edit 4-23

H

Hardware Client tab 4-26

hosts file

errors 19-1

reconfiguring 19-2

WebVPN 19-2

I

ICMP

add group 4-41

browse 4-41

ICMP Group 4-41

IKE Policy panel, VPN wizard 2-5

IP addresses

configuring an assignment method for remote access clients 5-1

configuring for VPNs 5-1

IPsec

Cisco VPN Client 3-9

fragmentation policy 3-2

IPSec rules

anti-replay window size 3-12

IPSec tab

internal group policy 4-23

IPSec LAN-to-LAN 4-102

tunnel group 4-98

J

join Active Directory domain 13-5

K

KCD 13-1, 13-2

Kerberos parameter 13-6

L

LDAP

example configuration procedures 10-2 to ??

M

maximum sessions, IPSec 4-107

Microsoft KCD 13-1, 13-2

MUS

configuring 4-69

N

NetBIOS server

tab 4-77

Network Admission Control

uses, requirements, and limitations 3-29

O

Outlook Web Access (OWA) and Clientless SSL VPN 15-7

P

password

Clientless SSL VPN 15-1

passwords

WebVPN 16-12

Port Forwarding

configuring client applications 15-6

posture validation

uses, requirements, and limitations 3-29

Posture Validation Exception, add/edit 3-30

PPP tab, tunnel-group 4-100

priority queueing

IPSec anti-replay window size 3-12

Protocol Group, add 4-42

proxy

See e-mail proxy

proxy bypass 14-11

Q

QoS

priority queueing

IPSec anti-replay window size 3-12

R

reactivation mode 13-5

realm 13-6

recurring time range, add or edit 4-36

rewrite, disabling 13-21

S

Server and URL List

add/edit 4-47

server group name 13-5

Server or URL

dialog box 4-48

smart tunnels 14-1

source address, browse 4-40

source port, browse 4-40

split tunneling

group policy 4-13

SSO with WebVPN

configuring HTTP form protocol 16-6

Standard Access List Rule, add/edit 4-47

Standard ACL tab 4-37

Summary panel, VPN wizard 2-6

Sun Microsystems Java™ Runtime Environment (JRE) and Clientless SSL VPN 15-6

Sun Microsystems Java™ Runtime Environment (JRE) and WebVPN 12-13

T

TCP Service Group, add 4-41

time range

add or edit 4-35

browse 4-35

recurring 4-36

toolbar, floating, WebVPN 16-3, 18-7

Tunneled Management 4-111

tunnel gateway, default 4-6

U

User Accounts panel, VPN wizard 2-4

username

Clientless SSL VPN 15-1

WebVPN 16-12

Xauth for Easy VPN client 4-111

V

virtual private network

overview 2-1

VPN

overview 2-1

system options 4-107

VPN Client, IPsec attributes 3-9

VPN Tunnel Type panel, VPN wizard 2-2

VPN wizard 2-1

Address Pool panel 2-4

Address Translation Exemption panel 2-6

Attributes Pushed to Client panel 2-4

Client Authentication panel 2-3

IKE Policy panel 2-5

Summary panel 2-6

User Accounts panel 2-4

VPN Tunnel Type panel 2-2

W

web browsing with Clientless SSL VPN 15-4

web e-Mail (Outlook Web Access), Outlook Web Access 13-23

WebVPN

authenticating with digital certificates 16-10

client application requirements 16-12

client requirements 16-12

configuring

e-mail 13-23

defining the end-user interface 16-1, 18-6

definition 11-1

e-mail 13-23

e-mail proxies 13-23

end user set-up 18-6

floating toolbar 16-3, 18-7

hosts file 19-2

hosts files, reconfiguring 19-2

security tips 16-12

supported applications 16-12

troubleshooting 19-1

usernames and passwords 16-12

use suggestions 15-2, 16-12, 18-6

WebVPN, Application Access Panel 16-2, 18-7

Windows Service Account

adding in Active Directory 13-4

WINS server, configuring 4-12

X

Xauth, Easy VPN client 4-111

Z

Zone Labs Integrity Server 4-108

Index

A

AAA server group, add (group-policy) 4-9

Access Control Server 3-29

Accounting tab, tunnel group 4-96

ACE

add/edit/paste 4-38

Extended ACL tab 4-37

ACL

enabling IPSEC authenticated inbound sessions to bypass ACLs 4-108, 4-115

extended 4-37

for Clientless SSL VPN 4-46

standard 4-37

ACL Manager

Add/Edit/Paste ACE 4-38

dialog box 4-36

Active Directory procedures 10-2 to ??

address assignment, client 4-97

Address Pool panel, VPN wizard 2-4

address pools, tunnel group 4-97

Address Translation Exemption panel, VPN wizard 2-6

Advanced tab, tunnel group 4-97

anti-replay window size 3-12

application access

and e-mail proxy 15-7

and Web Access 15-7

configuring client applications 15-6

enabling cookies on browser 15-6

privileges 15-6

quitting properly 15-6

setting up on client 15-6

using e-mail 15-7

with IMAP client 15-7

Application Access Panel, WebVPN 16-2, 18-7

application access using WebVPN

and hosts file errors 19-1

quitting properly 19-2

Application Profile Customization Framework 13-13

ASA 5505

client

Xauth 4-111

Attributes Pushed to Client panel, VPN wizard 2-4

authentication

WebVPN users with digital certificates 16-10

Authentication tab, tunnel group 4-95

Authorization tab, tunnel group 4-95

B

Basic tab

IPSec LAN-to-LAN, General tab 4-100

bookmarks

configuring to access Kerberos 13-13

Browse ICMP 4-41

Browse Other 4-42

Browse Source or Destination Address 4-40

Browse Source or Destination Port 4-40

Browse Time Range 4-35

C

certificate

authentication, e-mail proxy 13-23

Client Address Assignment 4-97

Client Authentication panel, VPN wizard 2-3

Client Firewall tab 4-25

Clientless SSL VPN

client application requirements 15-2

client requirements 15-2

for file management 15-5

for network browsing 15-5

for web browsing 15-4

start-up 15-3

enable cookies for 15-6

printing and 15-3

remote requirements

for port forwarding 15-6

for using applications 15-6

remote system configuration and end-user requirements 15-3

security tips 15-2

supported applications 15-2

supported browsers 15-3

supported types of Internet connections 15-3

URL 15-3

username and password required 15-3

usernames and passwords 15-1

Client Update, edit , Windows and VPN 3002 clients 4-6

Client Update window, Windows and VPN 3002 clients 4-4

configuring ASA

to join Active Directory domain 13-5

configuring bookmarks

to access Kerberos 13-13

configuring DNS 13-4

configuring mobile user security services 4-69

configuring MUS 4-69

customizing the end-user experience

by the security appliance 4-2

D

dead time 13-5

default tunnel gateway 4-6

destination address, browse 4-40

destination port, browse 4-40

Device Pass-Through 4-111

DHCP

addressing, configuring 5-5

digital certificates

authenticating WebVPN users 16-10

disabling content rewrite 13-21

DNS

configuring 13-4

server, configuring 4-12

E

Easy VPN

client

Xauth 4-111

Easy VPN, advanced properties 4-111

Easy VPN client 4-109

Easy VPN Remote 4-109

e-mail

configuring for WebVPN 13-23

proxies, WebVPN 13-23

proxy, certificate authentication 13-23

WebVPN, configuring 13-23

e-mail proxy

and Clientless SSL VPN 15-7

Enable IPSec authenticated inbound sessions 4-108, 4-115

end-user interface, WebVPN, defining 16-1, 18-6

extended ACL 4-37

external group policy, configuring 4-8

F

firewall, client, configuring settings 4-25

firewall server, Zone Labs 4-108

fragmentation policy, IPsec 3-2

G

gateway, default tunnel gateway 4-6

global e-mail proxy attributes 13-23

group policy

external, configuring 4-8

split tunneling attributes 4-13

WINS and DNS servers 4-12

Group Policy window

add or edit, General tab 4-9, 4-29, 4-33

introduction 4-7

IPSec tab, add or edit 4-23

H

Hardware Client tab 4-26

hosts file

errors 19-1

reconfiguring 19-2

WebVPN 19-2

I

ICMP

add group 4-41

browse 4-41

ICMP Group 4-41

IKE Policy panel, VPN wizard 2-5

IP addresses

configuring an assignment method for remote access clients 5-1

configuring for VPNs 5-1

IPsec

Cisco VPN Client 3-9

fragmentation policy 3-2

IPSec rules

anti-replay window size 3-12

IPSec tab

internal group policy 4-23

IPSec LAN-to-LAN 4-102

tunnel group 4-98

J

join Active Directory domain 13-5

K

KCD 13-1, 13-2

Kerberos parameter 13-6

L

LDAP

example configuration procedures 10-2 to ??

M

maximum sessions, IPSec 4-107

Microsoft KCD 13-1, 13-2

MUS

configuring 4-69

N

NetBIOS server

tab 4-77

Network Admission Control

uses, requirements, and limitations 3-29

O

Outlook Web Access (OWA) and Clientless SSL VPN 15-7

P

password

Clientless SSL VPN 15-1

passwords

WebVPN 16-12

Port Forwarding

configuring client applications 15-6

posture validation

uses, requirements, and limitations 3-29

Posture Validation Exception, add/edit 3-30

PPP tab, tunnel-group 4-100

priority queueing

IPSec anti-replay window size 3-12

Protocol Group, add 4-42

proxy

See e-mail proxy

proxy bypass 14-11

Q

QoS

priority queueing

IPSec anti-replay window size 3-12

R

reactivation mode 13-5

realm 13-6

recurring time range, add or edit 4-36

rewrite, disabling 13-21

S

Server and URL List

add/edit 4-47

server group name 13-5

Server or URL

dialog box 4-48

smart tunnels 14-1

source address, browse 4-40

source port, browse 4-40

split tunneling

group policy 4-13

SSO with WebVPN

configuring HTTP form protocol 16-6

Standard Access List Rule, add/edit 4-47

Standard ACL tab 4-37

Summary panel, VPN wizard 2-6

Sun Microsystems Java™ Runtime Environment (JRE) and Clientless SSL VPN 15-6

Sun Microsystems Java™ Runtime Environment (JRE) and WebVPN 12-13

T

TCP Service Group, add 4-41

time range

add or edit 4-35

browse 4-35

recurring 4-36

toolbar, floating, WebVPN 16-3, 18-7

Tunneled Management 4-111

tunnel gateway, default 4-6

U

User Accounts panel, VPN wizard 2-4

username

Clientless SSL VPN 15-1

WebVPN 16-12

Xauth for Easy VPN client 4-111

V

virtual private network

overview 2-1

VPN

overview 2-1

system options 4-107

VPN Client, IPsec attributes 3-9

VPN Tunnel Type panel, VPN wizard 2-2

VPN wizard 2-1

Address Pool panel 2-4

Address Translation Exemption panel 2-6

Attributes Pushed to Client panel 2-4

Client Authentication panel 2-3

IKE Policy panel 2-5

Summary panel 2-6

User Accounts panel 2-4

VPN Tunnel Type panel 2-2

W

web browsing with Clientless SSL VPN 15-4

web e-Mail (Outlook Web Access), Outlook Web Access 13-23

WebVPN

authenticating with digital certificates 16-10

client application requirements 16-12

client requirements 16-12

configuring

e-mail 13-23

defining the end-user interface 16-1, 18-6

definition 11-1

e-mail 13-23

e-mail proxies 13-23

end user set-up 18-6

floating toolbar 16-3, 18-7

hosts file 19-2

hosts files, reconfiguring 19-2

security tips 16-12

supported applications 16-12

troubleshooting 19-1

usernames and passwords 16-12

use suggestions 15-2, 16-12, 18-6

WebVPN, Application Access Panel 16-2, 18-7

Windows Service Account

adding in Active Directory 13-4

WINS server, configuring 4-12

X

Xauth, Easy VPN client 4-111

Z

Zone Labs Integrity Server 4-108