Cisco PIX 500 Series Configuration Manual page 705

Security appliance command line

Chapter 30
Configuring Connection Profiles, Group Policies, and Users
Configuring User Attributes
hostname(config-username-webvpn)#
The default is that permanent installation of the SVC is disabled. The SVC uninstalls from the remote
computer at the end of the SVC session.
The following example configures the security appliance to keep the SVC installed on the remote
computer for this user:
hostname(config-username-webvpn)# svc keep-installer installed
hostname(config-username-webvpn)#
Step 6
To enable the SVC to perform a rekey on an SVC session, use the svc rekey command:
hostname(config-username-webvpn)# svc rekey {method {ssl | new-tunnel} | time minutes | none}
To disable rekey and remove the command from the configuration, use the no form of this command:
hostname(config-username-webvpn)# no svc rekey [method {ssl | new-tunnel} | time minutes | none]
hostname(config-username-webvpn)#
By default, SVC rekey is disabled.
Specifying the method as new-tunnel specifies that the SVC establishes a new tunnel during SVC rekey.
Specifying the method as none disables SVC rekey. Specifying the method as ssl specifies that SSL
renegotiation takes place during SVC rekey. Instead of specifying the method, you can specify the time;
that is, the number of minutes from the start of the session until the rekey takes place, from 1 through
10080 (1 week).
For the no form of the command, you need to enter only the minimum keywords. The following example is correct:
hostname(config-username-webvpn)# no svc rekey method
hostname(config-username-webvpn)#
If, however, you specify the method as new-tunnel:
hostname(config-username-webvpn)# no svc rekey method new-tunnel
hostname(config-username-webvpn)#
and the current method is ssl, then the command fails, because the values don't match.
In the following example, the user configures the SVC to renegotiate with SSL during rekey and
configures the rekey to occur 30 minutes after the session begins:
hostname(config-username-webvpn)# svc rekey method ssl
hostname(config-username-webvpn)# svc rekey time 30
hostname(config-username-webvpn)#
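As an added example (not part of the Cisco guide), the Python sketch below audits a saved configuration for per-user svc rekey settings, reporting users whose rekey is disabled (the default, or method none) and time values outside the 1 through 10080 minute range. The indented configuration layout, the sample users and the function names are assumptions made for illustration.

```python
import re

# Constructed sample; the indented running-config layout is an assumption.
SAMPLE_CONFIG = """\
username alice attributes
 webvpn
  svc rekey method ssl
  svc rekey time 30
username bob attributes
 webvpn
  svc keep-installer installed
username carol attributes
 webvpn
  svc rekey method none
username dave attributes
 webvpn
  svc rekey time 20000
"""

def parse_svc_rekey(text):
    """Map each username to the svc rekey method/time in its webvpn block."""
    users, user, in_webvpn = {}, None, False
    for line in text.splitlines():
        head = re.match(r"username (\S+) attributes\s*$", line)
        if head:
            user, in_webvpn = head.group(1), False
            users[user] = {"method": None, "time": None}
        elif not line.startswith(" "):
            user = None                          # left the username block
        elif user and line.strip() == "webvpn":
            in_webvpn = True
        elif user and in_webvpn:
            m = re.match(r"\s+svc rekey (method|time) (\S+)\s*$", line)
            if m:
                users[user][m.group(1)] = m.group(2)
    return users

def classify(cfg):  # returns 'disabled', 'invalid' or 'configured'
    method, minutes = cfg["method"], cfg["time"]
    if method == "none" or (method is None and minutes is None):
        return "disabled"                        # method none, or the default
    if method not in (None, "ssl", "new-tunnel"):
        return "invalid"                         # not a method the guide lists
    if minutes is not None and not (minutes.isdigit() and 1 <= int(minutes) <= 10080):
        return "invalid"                         # outside 1..10080 minutes
    return "configured"

def audit(text):
    return {u: classify(c) for u, c in parse_svc_rekey(text).items()}
```

Calling audit(SAMPLE_CONFIG) returns one state per user, so accounts still on the disabled default stand out next to those with an explicit method or time.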
Cisco Security Appliance Command Line Configuration Guide
30-89
OL-12172-03

This manual is also suitable for:

ASA 5500 series
