Cisco Router and Security Device Manager 2.5 User Guide
Extended Cisco IOS SSL VPN
Downloads: This chapterpdf (PDF - 379.0KB) The complete bookPDF (PDF - 7.45MB) | Feedback

Cisco IOS SSL VPN Enhancements

Table Of Contents

Cisco IOS SSL VPN Enhancements

SSL VPN Reference

SSL VPN Context: Access Control Lists

Add or Edit Application ACL

Add ACL Entry

Action URL Time Range

Add or Edit Action URL Time Range Dialog

Add or Edit Absolute Time Range Entry

Add or Edit Periodic Time Range Entry


Cisco IOS SSL VPN Enhancements


This chapter explains how to configure SSL VPN enhancements available with Cisco IOS releases 12.4(9)T and 12.4(11)T.

SSL VPN Reference

SSL VPN Context: Access Control Lists

Add or Edit Application ACL

Add ACL Entry

Action URL Time Range

Add or Edit Action URL Time Range Dialog

Add or Edit Absolute Time Range Entry

Add or Edit Periodic Time Range Entry

SSL VPN Context: Access Control Lists

You can create Application ACLs to control access to specific URLs. This window displays the Application ACLs created for the selected context, and enables you to edit existing ACLs and create new ones.

Field Reference

Table 22-1 describes the fields in this screen.

Table 22-1 SSL VPN Access Control List Fields 

Element
Description
Access Control List

Add

To create an Application ACL, click Add and create the Application ACL in the displayed dialog.

Edit

To edit an Application ACL, choose the ACL and click Edit. Edit the ACL in the displayed dialog.

Delete

To delete an ACL choose the ACL and click Delete.

ACL Name

This table lists the names of the ACLs created for this context.

Details of ACL

Action

One of the following:

Permit—Access to the URL in this entry is allowed.

Deny—Access to the URL in this entry is denied.

URL

The URL to which the ACL controls access.

Action URL Time Range

The range or periods of time that this ACL is in effect.


Add or Edit Application ACL

Create or edit an application ACL in this window. Cisco IOS SSL VPN uses application ACLs to specify permitted and denied URLs. One ACL can consist of multiple entries.

Field Reference

Table 22-2 describes the fields in this screen.

Table 22-2 Add or Edit SSL VPN Context ACL Fields 

Element
Description

ACL Name

Enter a name for this ACL.

Add

To create an entry for this ACL, click Add and create the entry in the displayed dialog.

Edit

To modify an entry, select the entry and click Edit. Then modify it in the displayed dialog.

Delete

To remove an entry from this ACL, select the entry and click Delete.

List Area

Action

One of the following:

Permit—Access to the URL in this entry is permitted.

Deny—Access to the URL in this entry is denied.

URL

The URL to which this ACL entry controls access.

Action URL Time Range

The name of the time range applied to this ACL entry.


Add ACL Entry

Add or Edit an ACL entry in this window.

Field Reference

Table 22-3 describes the fields in this screen.

Table 22-3 Add or Edit SSL VPN Context ACL Entry Fields 

Element
Description

Action

Choose one of the following:

Permit—Allow access to the URL in this entry.

Deny—Deny access to the URL in this entry is denied.

URL

Any

To have this ACL entry apply to any URL, click Any.

Specific URL

To have this ACL entry apply to a URL that you specify, click Specific URL. Then, enter the URL in the field. Be sure to enter the entire URL. The following are examples of valid URLs:

http://www.cisco.com
https://www.foo.com
ftp://ftp.bad-down-loads.com

Action URL Time Range

The action URL time range can specify the start and end date for the action specified, as well as the time periods that the action is to be in effect.To place a time range entry in this field, click the button to the right of the field and choose one of the following:

Add Time Range List—Choose this option to create a new time range entry.

Select Time Range List—Choose this option to select an existing time range entry.

Remove Time Range List—Choose this option to remove the current time range entry.


Action URL Time Range

Add time range lists in this window. Time range lists specify when permit or deny actions are to be applied.

Field Reference

Table 22-4 describes the fields in this screen.

Table 22-4 Action URL Time Range Fields 

Element
Description
Time Range Entry

Add

To create a time range entry, click Add, and create the entry in the displayed dialog.

Edit

To edit an entry, select the entry, and click Edit. Make changes to the entry in the displayed dialog.

Delete

To remove an entry, select the entry and click Delete.

Item Name

The Item Name list displays the time range entries configured for this context.

Details of Action URL Time Range

The Details area displays additional information about the selected time range entry.

Type

One of the following:

Absolute—The time range specifies an absolute date. There can be a start date, and there can be an end date, or both.

Periodic—The time range specifies days of the week, so that you can include some days and not others. It can also specify a start time and an end time.

Period

If the entry type is Periodic, this column shows which days are included. The following examples show possible entries:

daily
weekdays
Sun, Tue, Sat

Start Time

The starting time and date is displayed for absolute entries, for example, 10:00 11 Nov 2007.

The starting time is displayed for periodic entries, for example 8:00.

End Time

The end time and date is displayed for absolute entries, for example, 10:00 11 Dec 2007.

The end time is displayed for periodic entries, for example 23:00.


Add or Edit Action URL Time Range Dialog

Create or edit a time range entry in this dialog. A time range entry can consist of multiple subentries.

Field Reference

Table 22-5 describes the fields in this screen.

Table 22-5 Time Range Fields 

Element
Description

Time Range Name

Enter a name for the time range.

Time Range Entry List Area

Type

One of the following:

Absolute—The time range specifies an absolute date. There can be a start date, and there can be an end date, or both.

Periodic—The time range specifies days of the week, so that you can include some days and not others. It can also specify a start time and an end time.

Period

If the entry type is Periodic, this column shows which days are included. The following examples show possible entries:

daily
weekdays
Sun, Tue, Sat

Start

The starting time and date is displayed for absolute entries, for example, 10:00 11 Nov 2007.

The starting time is displayed for periodic entries, for example 8:00.

End

The end time and date is displayed for absolute entries, for example, 10:00 11 Dec 2007.

The end time is displayed for periodic entries, for example 23:00.

Add

To add an entry, click Add, and choose Absolute, or Periodic. If an absolute entry has been added, the Absolute option is disabled.

Edit

To edit a time range entry, select the entry and click Edit.

Delete

To remove a time range entry, select the entry and click Delete.


Add or Edit Absolute Time Range Entry

Create or edit an absolute time range entry in this window. The time range can have a start date, and end date, or both.

Field Reference

Table 22-6 describes the fields in this screen.

Table 22-6 Absolute Time Range Fields 

Element
Description
Start

To specify a start date, click Start, and enter a date and time.

From Date

Enter the starting date in dd/mm/yyyy format. For example, entering 1/10/2007 specifies a start date of October 1, 2007.

Time

Enter the starting time in 24-hour format. For example, entering 13:00 specifies a starting time of 1:00 p.m.

End

To specify an end date, click End, and enter a date and time

Till Date

Enter the end date in dd/mm/yyyy format. For example, entering 1/1/2008 specifies an end date of January 1, 2008.

Time

Enter the ending time in 24-hour format. For example, entering 23:59 specifies an ending time of 11:59 p.m.


Add or Edit Periodic Time Range Entry

Create or edit a periodic time range entry in this window. You can specify which days to include in the range, and starting and ending days and times.

Field Reference

Table 22-7 describes the fields in this screen.

Table 22-7 Periodic Time Range Fields 

Element
Description

Period

Choose one of the following:

Specific weekdays—To select specific days, choose this option, and then check the boxes next to the days of the week that you want to include.

weekdays—To include only Monday, Tuesday, Wednesday, Thursday, and Friday, choose this option.

weekend—To include only Saturday, and Sunday, choose this option.

daily—To include each day of the week, choose this option.

From Day

This option is available when you choose Specific weekdays. Check the box next to one day of the week to specify the From day.

Till Day

This option is available when you choose Specific weekdays, and you have specified one From day. Click the button and choose the Till day from the list. If more than one From day is checked, this option is disabled.

Duration

Start Time

Enter the starting time in 24-hour format. For example, entering 13:00 specifies a starting time of 1:00 p.m.

End Time

Enter the ending time in 24-hour format. For example, entering 23:59 specifies an ending time of 11:59 p.m.