A smart tunnel is a connection between a Winsock 2 (TCP) application and a destination site, with the ASA acting as a proxy. For example, you can allow an application on the local host to access resources on the corporate network without installing a VPN client.

The ASA appliance identifies the application by its Windows process, creates a smart tunnel for that application only, and blocks the rest of the traffic.

 

CONFIGURATION

EXAMPLE 1

Allow the PuTTY application to reach any host on the corporate network.

 

  • Go to Clientless SSL VPN Access – Portal – Smart Tunnels and configure a smart tunnel list.

Click “Add”, type the list name, then click “Add” again to add an entry for the PuTTY application.

In Windows Task Manager you can check which process is responsible for this application.

 

  • Modify the group policy to enable smart tunnels.
Go to Clientless SSL VPN Access – Group Policy and edit Danpol-group-policy (we created this policy in part 1).

If you select the “Auto Start” check box, the smart tunnel process is started when the user logs in to the SSL VPN.

  • Apply the changes to the system.

TEST

  • Log in to the SSL VPN portal.

Start the smart tunnel for PuTTY.

 

Press “Yes” and test access to corporate resources via PuTTY.

 

EXAMPLE 2

Allow the Firefox browser to access corporate resources.

Add the firefox.exe process to the smart tunnel list.
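
The ASDM steps in Examples 1 and 2 correspond to the ASA CLI configuration below, given here as an added example that is not from the original post. The list name ST-LIST and the application labels are assumptions, and the hash is a placeholder for the SHA-1 of your own putty.exe. An entry without a hash matches on the process file name only, so any binary carrying that name can use the tunnel.

```cisco
! Added example, not part of the original post.
! ST-LIST is a hypothetical list name; "putty" and "firefox" are
! hypothetical application labels shown to the user on the portal.
webvpn
 ! Example 1: PuTTY, matched by process name only (as in the ASDM steps)
 smart-tunnel list ST-LIST putty putty.exe platform windows
 ! Example 2: Firefox, matched by process name only
 smart-tunnel list ST-LIST firefox firefox.exe platform windows
 !
 ! Stricter alternative for the PuTTY entry: pin the binary by appending
 ! its SHA-1 hash, so a renamed executable is not accepted.
 ! Replace the placeholder with the hash of the putty.exe you deploy.
 ! smart-tunnel list ST-LIST putty putty.exe platform windows <SHA-1-OF-PUTTY.EXE>
!
group-policy Danpol-group-policy attributes
 webvpn
  ! The user starts the smart tunnel manually from the portal page
  smart-tunnel enable ST-LIST
  ! Use this instead to get the behaviour of the "Auto Start" check box
  ! smart-tunnel auto-start ST-LIST
```

A pinned hash has to be updated whenever the application is upgraded, because the new binary no longer matches the stored value.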

 

 

 

dzbanek 2013-04-01