ASA - SSL VPN Clientless - part 3 - Smart Tunnels

 

A smart tunnel is a connection between a Winsock 2 (TCP) application and a destination site, with the ASA working as a proxy. You can, for example, allow an application on the local host to access resources on the corporate network without installing a VPN client.

The ASA appliance identifies the application by its Windows process, creates a smart tunnel for this application only, and blocks the rest of the traffic.

 

CONFIGURATION

EXAMPLE 1

Allow the putty application to reach any host on the corporate network.

 

  • Go to Clientless SSL VPN Access - Portal - Smart Tunnels and configure a smart tunnel list.

 

asa-sslvpn-clientless-3-1.PNG

Click "Add", type the list name, and click "Add" again to add an entry for the putty application.

asa-sslvpn-clientless-3-2.PNG

In Windows Manager you can check which process is responsible for this application.

 asa-sslvpn-clientless-3-3.PNG

 

 asa-sslvpn-clientless-3-4.PNG

 

  • Modify the group policy to enable smart tunnels.
Go to Clientless SSL VPN Access - Group Policy and edit Danpol-group-policy (we created this policy in part 1).
 
asa-sslvpn-clientless-3-5.PNG
 
asa-sslvpn-clientless-3-6.PNG

If you select the "Auto Start" check box, the smart tunnel process will be started when the user logs in to the SSL VPN.

  •  Apply changes to system
 
 
TEST 
 
  • Log in to the SSL VPN portal
asa-sslvpn-clientless-3-7.PNG
 
Start the smart tunnel for putty.
 
 asa-sslvpn-clientless-3-8.PNG

 

Push "Yes" and test access to corporate resources via putty.

 

asa-sslvpn-clientless-3-9.PNG

 

EXAMPLE 2

Allow the Firefox browser to access corporate resources.

asa-sslvpn-clientless-3-10.PNG

Add the firefox.exe process to the smart tunnel list.
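
The CLI equivalent of EXAMPLE 1 and EXAMPLE 2, as an added example that is not part of the original article: the list name Corp-SmartTunnel-List and the hash placeholder are assumptions, while Danpol-group-policy is the policy edited above. It goes slightly beyond the ASDM steps by showing the optional SHA-1 hash argument, which makes the ASA check the executable's checksum in addition to its process name.

```text
! Added example: CLI equivalent of the ASDM steps in EXAMPLE 1 and EXAMPLE 2.
! "Corp-SmartTunnel-List" is a hypothetical list name.
webvpn
 ! Syntax: smart-tunnel list <list> <application> <path> [platform <os>] [hash]
 smart-tunnel list Corp-SmartTunnel-List putty putty.exe platform windows
 smart-tunnel list Corp-SmartTunnel-List firefox firefox.exe platform windows
 !
 ! Stricter variant of the putty entry: pin the SHA-1 checksum of the
 ! approved binary so a different executable with the same name is
 ! not granted the tunnel. Replace the placeholder with the real checksum.
 ! smart-tunnel list Corp-SmartTunnel-List putty putty.exe platform windows <SHA1-OF-APPROVED-PUTTY-EXE>
!
group-policy Danpol-group-policy attributes
 webvpn
  ! User starts the tunnel manually from the portal page
  smart-tunnel enable Corp-SmartTunnel-List
  !
  ! Alternative matching the "Auto Start" check box:
  ! smart-tunnel auto-start Corp-SmartTunnel-List
```

Each version or patch level of an application has a different checksum, so hash-pinned lists need one entry per approved build.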

 

  

  

dzbanek 2013-04-01
