A smart tunnel is a connection between a TCP-based application and a private site, using a clientless (browser-based) SSL VPN session with the security appliance as the pathway, and the adaptive security appliance as a proxy server. You can identify applications to which you want to grant smart tunnel access, and specify the local path to each application. For applications running on Microsoft Windows, you can also require a match of the SHA-1 hash of the checksum as a condition for granting smart tunnel access.
Lotus SameTime and Microsoft Outlook Express are examples of applications to which you might want to grant smart tunnel access.
Configuring smart tunnels requires one of the following procedures, depending on whether the application is a client or is a web-enabled application:
• Create one or more smart tunnel lists of the client applications, then assign the list to the group policies or local user policies for whom you want to provide smart tunnel access.
• Create one or more bookmark list entries that specify the URLs of the web-enabled applications eligible for smart tunnel access, then assign the list to the Dynamic Access Policies (DAPs), group policies, or local user policies for whom you want to provide smart tunnel access.
You can also list web-enabled applications for which to automate the submission of login credentials in smart tunnel connections over clientless SSL VPN sessions.
The remote host originating the smart tunnel connection must be running Microsoft Windows Vista, Windows XP, or Windows 2000, and the browser must be enabled with Java, Microsoft ActiveX, or both. Support for Windows 7 with IE 8.0 and Mac OS X 10.6.x with Safari 4.x will be added in Release version 8.3 (to Beta in late fall 2009).
Please refer to the Smart Tunnel Configuration Guide for details on setup and applicability.
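The SHA-1 condition described above pins a smart tunnel list entry to one exact build of the application, so any update to the binary stops the entry from matching. The following added example (not Cisco's code) computes the hash for an entry and checks an existing entry against the file on disk. It assumes the `smart-tunnel list <list> <application> <path> [hash]` form entered in webvpn configuration mode; the list name `apps1`, the application name, and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha1_of_file(path, chunk_size=65536):
    """Return the SHA-1 hex digest of a file, read in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def smart_tunnel_entry(list_name, app_name, local_file, asa_path=None):
    """Build one hashed smart-tunnel list line (assumed syntax, see lead-in)."""
    asa_path = asa_path or os.path.basename(local_file)
    file_hash = sha1_of_file(local_file)
    return f"smart-tunnel list {list_name} {app_name} {asa_path} {file_hash}"

def entry_matches(entry_line, local_file):
    """True if the hash ending an existing entry still matches the file on disk."""
    fields = entry_line.split()
    if len(fields) != 6 or fields[:2] != ["smart-tunnel", "list"]:
        raise ValueError("not a hashed smart-tunnel list entry")
    return fields[5].lower() == sha1_of_file(local_file)

def demo():
    """Hash a constructed stand-in binary, then show that an update breaks the match."""
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "msimn.exe")  # constructed sample, not a real binary
        with open(exe, "wb") as fh:
            fh.write(b"constructed sample v1")
        entry = smart_tunnel_entry("apps1", "OutlookExpress", exe)
        before = entry_matches(entry, exe)
        with open(exe, "ab") as fh:  # simulate an application update
            fh.write(b" patched")
        after = entry_matches(entry, exe)
        return entry, before, after

if __name__ == "__main__":
    entry, before, after = demo()
    print(entry)
    print("matches before update:", before)
    print("matches after update:", after)
```

Re-run the check after each application update and refresh the entry only once the new binary has been verified as the intended release.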
I. Smart Tunnel capabilities as of ASA version 8.2.x:
Example: Enable the ST option for a process or within bookmark#1 (which hooks the IE instance used to initiate the session). Opening a separate IE browser instance will tunnel all traffic through the ASA if the new browser window belongs to the same process. All traffic from this browser's tabs will be smart tunneled, even for bookmarks (e.g. bookmark#2) that are not specifically smart tunneled. In this case you must use a different browser (e.g. Firefox) if you want some of your traffic (e.g. bookmark#2) not to be smart tunneled.
Note: Smart tunnel split-tunneling capability will be available in the next major ASA release, 8.3.1 (to go to Beta in late fall 2009).
From 8.3.1 onwards, on Windows, Smart Tunnel will be turned off once all browser windows (note: not tabs, but all browser windows) have been closed. Alternatively, in 8.3.1 the admin can choose to provide a log out icon so that the session can survive closing all browsers while the user can still log out from the icon.
http://www/en/US/docs/security/asa/asa80/configuration/guide/webvpn.html#wp1096902
program, java.exe, jp2launcher.exe
II. Smart Tunnel capabilities being introduced in ASA version 8.3.x (to Beta in late fall 2009)