Table Of Contents
Displaying Multiple Languages to SSL VPN Users
This guide describes the procedure to configure a Cisco ASA5500 Series Adaptive Security Appliance to present screens and messages in multiple languages to remote SSL VPN users. This includes screens displayed by the browser-launched Clientless SSL VPN connection and messages displayed on the user interface of the AnyConnect VPN Client.
How Translation Works
Clientless SSL VPN Connection Translation
Users can communicate their preferred language to the security appliance by configuring a list of languages in the browser language options. The list is ordered so that languages at the top of the list have the highest priority. When the user establishes a clientless SSL VPN connection, the security appliance receives the list of languages including their priorities, and matches the list with its own list of languages specified in the customization object used by the connection profile.
Each language specified in the list on the security appliance must have a corresponding translation table residing in cache memory. The translation table is an XML file with strings for all translatable user messages.
Starting with the highest priority language, the security appliance tries to match the preferred language of the browser in the list of languages. If it finds a match, the logon page and all subsequent pages display this language. If no match is found, it continues to look for a match in the order configured in the browser list. If there is no match in the entire list, it displays the pages in the fallback language specified in the customization object (English, by default).
The languages on the security appliance are labels for the translation tables. The languages must mirror those of the browser, and may consist of groups of up to 8 alphanumeric characters (starting from alpha characters), separated by hyphens. For example, fr-FR-paris-univ8.
When looking for a match, the security appliance starts with the longest language name, and if it does not match, it discards the rightmost group of the name. For example, if the preferred language on the browser is fr-FR-paris-univ8, and the security appliance supports fr-FR-paris-univ8, fr-FR-paris, fr-FR, and fr, it matches fr-FR-paris-univ8 and uses the translated strings from that translation table. If fr is the only language on the security appliance, the security appliance considers it a match also, and uses that translation table.
You can also provide a manual override of this language negotiation, for the user, by enabling the Language Selector drop-list on the login page. The user can manually select the preferred language to display.
AnyConnect SSL VPN Client Translation
The AnyConnect SSL VPN client uses a different set of translation tables than those used by the clientless portal. The security appliance downloads all available translation tables that affect client screens during client installation. When the user launches the client on the remote PC, the client detects the preferred language and applies the appropriate translation table. For Windows, the client detects the locale specified during installation of the operating system (the LANGUAGE env variable overrides locale). For non-Windows systems, the client detects the LANGUAGE variable.
For our use case, we consider a national company in Canada with two groups of users—French-speaking and English-speaking.
Because the security appliance displays English by default, our tasks center around enabling French as the second language. Complete the following steps:
Step 1 Download the latest French translation package.
Go to the Software Download Page at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. Figure 1 shows a portion of the table of available software packages, including the French translation package, translation-kit-8.0.3-fr.zip. Select this package to download to your PC.
Figure 1 Translation Packages on the Cisco Software Download Page
Extract the files of the package to a temporary folder. The package contains files for customizing help screens on the portal page (.inc extension) and files used as translation tables (.po extension). In the next step, you will import AnyConnect.po and customization.po to the security appliance.
Step 2 Import the translation tables.
See Figure 2.
Go to: Language Localization > Translation Tables (1).
Click Import (2). The Import Language Localization window opens (3).
The AnyConnect.po file provided in the translation package translates the AnyConnect client GUI. Specify the language as fr-ca—the abbreviation for French spoken in Canada. Specify the Localization Template Name as AnyConnect. This ensures the security appliance applies the table to the AnyConnect client GUI. In the Select a File area, specify the filename AnyConnect.po. Click Import Now to import the file.
Repeat the process to import the customization.po file that translates the portal page. For Language, specify fr-ca for French spoken in Canada. Select Customization as the Localization Template Name. This ensures the security appliance applies the table to the portal page translation.
Figure 2 Importing Translation Tables
Step 3 Customize French translations.
See Figure 3.
Customize any messages, as necessary, in the French translation table.
Go to Language Localization > Translation Tables (1). Select the French translation table (fr-ca) for either the AnyConnect table (translations client messages) or the customization table (translates portal screens) and click Edit (2). The Edit Language Localization Entry window displays.
Edit any messages that you want to change in this window (3).
Figure 3 Customizing Translation Table
Step 4 Specify the languages in the customization object.
See Figure 4.
Go to: Clientless SSL VPN Access > Portal > Customization (1).
In the Customization Objects table, select DfltCustomization and click Edit (2). The Customization Editor displays in a browser window.
In the navigation pane, click Languages (3). In the Languages field, enter fr-ca, en (4). This creates a list of languages on the security appliance for matching purposes with the preferred language of the browser.
Figure 4 Specify Languages in the Customization Object
Step 5 Enable the Language Selector drop-down list.
Users can use the Language Selector to manually select the language of choice when the negotiated language is not satisfactory.
Change Mode to Enable (2) and enter fr-ca in the Code field and français in the Text field (3). Be sure to save your changes.
Figure 5 Enable the Language Selector
CCVP, the Cisco logo, and Welcome to the Human Network are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networkers, Networking Academy, Network Registrar, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0711R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008 Cisco Systems, Inc. All rights reserved.