Create Port Forwarding Application Maps

You must create a port forwarding application map for each application the ASA 55x0 will
need to port forward. This mapping information will be used by the ASA 55x0 to modify the
host file on the end user’s PC with mapping information. An application entry uses a
hostname or IP address as a unique identifier for port forwarding. This identifier must be
constant; otherwise the end user will be required to modify how these applications are
accessed each time the WebVPN service is used. The use of hostnames is recommended, as it
streamlines access to the application for the end user.
For the WebVPN service, a hostname can be configured with the IP address of the server the
application resides on, as well as the port number from the end user’s computer, which is
required to access the application. This will give the end user a simpler way to access the
application. For example, if the end user needs to telnet to server 10.2.2.12 port 2222, which
has been assigned the hostname “Shell” in the Security Appliance, one of the following can
be done:
■ IP address—The end user must use telnet 10.2.2.12 2222 to access the specific server on
that port.
■ Hostname—The end user must use telnet Shell to access the server located at 10.2.2.12
on port 2222.

NOTE The Java applet used for modifying the hosts file is sometimes seen as a malicious
attack by antivirus and antispyware applications. Disabling checking of the hosts file might
be necessary.

Example 13-12 Assigning a URL List
tgasa(config)# group-policy REMOTE1 attributes
tgasa(config-group-policy)# webvpn
tgasa(config-group-webvpn)# url-list value URLS
tgasa(config-group-webvpn)# exit

Each application must be entered separately, using the port-forward command in global
configuration mode:
port-forward {listname localport remoteserver remoteport description}
For example:
tgasa(config)# port-forward HRApps 2222 10.2.2.12 20351 HR APP
To configure multiple applications within a single list group, the same listname is required.
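One way to lint port-forward entries before they are applied, as an added example that is not from the book or from Cisco: it parses lines in the syntax shown above, groups them by listname, and flags IP-literal servers (the text recommends hostnames), ports outside 1-65535, and a local port used twice in one list. The function names, every sample line except the HRApps one, and the rule that a local port is used only once per list are assumptions.

```python
import ipaddress
from collections import defaultdict
# Constructed sample: the first line is the page's example, the rest are invented.
SAMPLE_CONFIG = """\
port-forward HRApps 2222 10.2.2.12 20351 HR APP
port-forward HRApps 2223 Shell 23 Telnet to Shell
port-forward HRApps 2222 Payroll 8443 Payroll portal
port-forward Eng 70000 Build 22 Build host
"""

def parse_port_forward(config):
    """Return {listname: [entry, ...]} for every port-forward line."""
    lists = defaultdict(list)
    for line in config.splitlines():
        fields = line.split(None, 5)  # the description may contain spaces
        if len(fields) < 5 or fields[0] != "port-forward":
            continue
        _, listname, localport, server, remoteport = fields[:5]
        lists[listname].append({
            "localport": localport, "server": server, "remoteport": remoteport,
            "description": fields[5] if len(fields) > 5 else "",
        })
    return dict(lists)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(lists):
    """Return sorted (listname, localport, finding) tuples."""
    findings = []
    for name, entries in lists.items():
        seen = set()
        for e in entries:
            for key in ("localport", "remoteport"):
                if not (e[key].isdecimal() and 1 <= int(e[key]) <= 65535):
                    findings.append((name, e["localport"], f"{key} out of range"))
            if is_ip(e["server"]):  # the text recommends a constant hostname
                findings.append((name, e["localport"], "server is an IP address, hostname recommended"))
            if e["localport"] in seen:  # assumption: one use of a local port per list
                findings.append((name, e["localport"], "local port reused in list"))
            seen.add(e["localport"])
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(parse_port_forward(SAMPLE_CONFIG)), sep="\n")
```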
Table 13-13 describes the arguments for the port-forward command.