Assign a Port Forward Application List to a User or Group-Policy
Once you create the application list, you must assign it to a username or group-policy in a
fashion similar to URL lists. To assign an application list to a username or group-policy, the
WebVPN mode is entered within either configuration mode. The functions command is then
used to enable port-forwarding for the username or group-policy:
tgasa(config-group-webvpn)# functions port-forwarding
Table 13-13 port-forward Command Arguments
Command Description
listname Groups the set of applications WebVPN users can access. Maximum 64
characters.
localport Sets the local port that listens for TCP traffic for an application. This port
number must be unique per listname. Recommended TCP ports are from
1024 to 65,535.
remoteserver Sets the DNS name or IP address of the remote server for an application.
remoteport Sets the port to connect to for this application on the remote server.
description Provides the application name or description that displays on the end user
port forwarding Java applet. Maximum 64 characters.
Configuring the Security Appliance as a WebVPN Gateway 369
Once you have enabled port forwarding, you can assign an application list. Use the portforwarding
command while in the WebVPN mode of a username or group-policy
configuration mode to accomplish this task:
port-forwarding {value listname | none}
Example 13-13 shows the configuration of an application list on an ASA 5520 Security
Appliance.