Configure the Adaptive Security Appliance to Support WebVPN
WebVPN end-user interface

Home Page
The administrator designs this page to meet the individual requirements of the end user. Using this interface, the end user can conveniently and securely access the internal network of the organization from any computer that has an Internet connection. The end user can check e-mail, view or transfer files, visit internal corporate websites, or run internal web applications from any Web browser. The user navigates using the buttons provided within the WebVPN interface window. The following buttons are available:

  • Help – The user can click this icon to access this help system.
  • Show Toolbar – The user can click this icon to show the WebVPN Toolbar.
  • Home – The user can click this icon to return to the home page.
  • Logout – The user can click this icon to end the remote access session.

Website Access and Browsing Files
If the administrator sets up end user accounts to access particular websites or file shares, one or more links appear under Websites on the home page of the end user. To access the website or file share, the end user simply clicks the link. If the site is protected, the end user will have to enter a username and password.

If the administrator has granted the end user access to a server that is not specifically listed, the end user can enter the web address of the server directly in the Enter Web Address (URL) text box or the Enter Network Path text box. Alternatively, the end user can browse the network by clicking the Browse Network link.

Once connected to a file share, the end user can upload and download files, create new folders, and delete and rename files by clicking the appropriate links.

Whenever the end user is visiting a website via a secure remote access session, a toolbar appears on the webpage. The toolbar reminds the end user that access is being provided through the corporate network.

Port Forwarding
The administrator can configure certain client/server applications for use by the end user. Starting Application Access, or Port Forwarding, opens a secure connection between the end user computer and the remote server. When the window is open or minimized, the connection is active. If the end user quits the window, the connection closes.

NOTE:

Port Forwarding requires Sun Microsystems Java Runtime Environment version 1.4 or later to be installed on the end user system. It can be downloaded automatically if needed.

The chart in the Application Access window lists the available applications and key details about the secure connection. This chart is display only. The end user cannot edit it, and clicking on a cell does not start the application.

WebVPN provides access to TCP-based applications by mapping application-specific ports on the PC of the end user to application-specific ports on servers behind the Adaptive Security Appliance. When an end user accesses an application over WebVPN using hostnames to identify the application server, the ASA modifies the Windows Hosts file to include a mapping entry for that application.

The chart has the following fields:

  • Name – The name of an available client application.
  • Local – The hostname, or IP address, and TCP port to configure on the client application to allow communication with the remote server.
  • Remote – The hostname, or IP address, and TCP port of the remote server.
  • Bytes In/Out – The amount of data that this application receives or sends through the secure connection.
  • Sockets – The number of TCP connections that the application is using.

NOTE:

When using Microsoft Windows, the end user must close the Port Forwarding window when they finish using a client/server application. If they shut down the computer without closing this window, the end user might later have problems running these applications. The end user also might be unable to access the host of the application, such as a mail server.
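
The leftover Hosts file entries behind the problem in this note can be checked from the client side. The following Python sketch is an added example, not Cisco code: it parses Hosts file text and flags server hostnames that still resolve to a loopback address. It assumes that port-forwarding entries point hostnames at loopback addresses; the sample file contents, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: Hosts file contents left behind after an unclean shutdown.
# Assumption: port-forwarding entries map server hostnames to loopback addresses.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.2       mail.example.internal   mail   # constructed entry
127.0.0.3       files.example.internal
10.1.1.20       intranet.example.internal
not-an-ip       broken.example.internal
"""

# Names that are expected to resolve to loopback on any system.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each well-formed mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, not a usable mapping
        yield line_no, ip, fields[1:]

def stale_loopback_mappings(text):
    """Return [(line_no, ip, name)] where a non-localhost name resolves to loopback."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if not ip.is_loopback:
            continue
        for name in names:
            if name.lower() not in BENIGN_NAMES:
                findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in stale_loopback_mappings(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} (loopback; possible leftover entry)")
```

A finding is only a prompt to review the line: some systems legitimately map their own computer name to a loopback address, so add such names to `BENIGN_NAMES` before relying on the output.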