Cisco PIX 500 Series Configuration Manual page 703

Chapter 30 Configuring Connection Profiles, Group Policies, and Users
Configuring SVC
The SSL VPN Client (SVC) is a VPN tunneling technology that gives remote users the benefits of an
IPSec VPN client without the need for network administrators to install and configure IPSec VPN clients
on remote computers. The SVC uses the SSL encryption that is already present on the remote computer
as well as the login and authentication required to access the security appliance.
To establish an SVC session, the remote user enters the IP address of an interface of the security
appliance configured to support clientless SSL VPN sessions. The browser connects to that interface and
displays the login screen. If the user satisfies the login and authentication, and the security appliance
identifies the user as requiring the SVC, the security appliance downloads the SVC to the remote
computer. If the security appliance identifies the user as having the option to use the SVC, the security
appliance downloads the SVC to the remote computer while presenting a link on the user screen to skip
the SVC installation.
After downloading, the SVC installs and configures itself, and then the SVC either remains or uninstalls
itself (depending on the configuration) from the remote computer when the connection terminates.
The security appliance might have several unique SVC images residing in cache memory for different
remote computer operating systems. When the user attempts to connect, the security appliance can
consecutively download portions of these images to the remote computer until the image and operating
system match, at which point it downloads the entire SVC. You can order the SVC images to minimize
connection setup time, with the first image downloaded representing the most commonly-encountered
remote computer operating system. For complete information about installing and using SVC, see
Chapter 38, "Configuring AnyConnect VPN Client
After enabling SVC, as described in
you can enable or require SVC features for a specific user. This feature is disabled by default. If you
enable or require SVC, you can then enable a succession of svc commands, described in this section. To
enable SVC and its related svc commands, do the following steps in username webvpn configuration
mode:
Step 1 To enable the security appliance to download SVC files to remote computers, enter the svc enable
command. By default, this command is disabled. The security appliance does not download SVC files.
To remove the svc enable command from the configuration, use the no form of this command.
hostname(config-username-webvpn)# svc {none | enable | required}
hostname(config-username-webvpn)#
Entering the no svc enable command does not terminate active SVC sessions.
Note
hostname(config)# username sales attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# svc enable
hostname(config-username-webvpn)#
To enable compression of HTTP data over an SVC connection, for a specific user, enter the svc
Step 2
compression command. By default, SVC compression is set to deflate (enabled). To disable compression
for a specific user, use the none keyword. To remove the svc compression command and cause the value
to be inherited, use the no form of the command:
hostname(config-username-webvpn)# svc compression {deflate | none}
hostname(config-username-webvpn)#
The following example disables SVC compression for the user named sales:
hostname(config)# username sales attributes
OL-12172-03
Connections".
Chapter 38, "Configuring AnyConnect VPN Client
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
Connections",
30-87