Cisco FirePOWER ASA 5500 series Configuration Manual page 621

Security appliance command line

Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
Configuring SVC
The SSL VPN Client (SVC) is a VPN tunneling technology that gives remote users the benefits of an
IPSec VPN client without the need for network administrators to install and configure IPSec VPN clients
on remote computers. The SVC uses the SSL encryption that is already present on the remote computer
as well as the WebVPN login and authentication of the security appliance.
To establish an SVC session, the remote user enters the IP address of a WebVPN interface of the security
appliance in the browser, and the browser connects to that interface and displays the WebVPN login
screen. If the user satisfies the login and authentication, and the security appliance identifies the user as
requiring the SVC, the security appliance downloads the SVC to the remote computer. If the security
appliance identifies the user as having the option to use the SVC, the security appliance downloads the
SVC to the remote computer while presenting a link on the user screen to skip the SVC installation.
After downloading, the SVC installs and configures itself, and then the SVC either remains or uninstalls
itself (depending on the configuration) from the remote computer when the connection terminates.
The security appliance might have several unique SVC images residing in cache memory for different
remote computer operating systems. When the user attempts to connect, the security appliance can
consecutively download portions of these images to the remote computer until the image and operating
system match, at which point it downloads the entire SVC. You can order the SVC images to minimize
connection setup time, with the first image downloaded representing the most commonly-encountered
remote computer operating system. For complete information about installing and using SVC, see
Chapter 38, "Configuring SSL VPN Client".
After enabling SVC, as described in Chapter 38, "Configuring SSL VPN Client", you can enable or
require SVC features for a specific group. This feature is disabled by default. If you enable or require
SVC, you can then enable a succession of svc commands, described in this section. To enable SVC and
its related svc commands, do the following steps in group-policy webvpn configuration mode:
Step 1
To enable the security appliance to download SVC files to remote computers, enter the svc enable
command. By default, this command is disabled. The security appliance does not download SVC files.
To remove the svc enable command from the configuration, use the no form of this command.
hostname(config-group-webvpn)# svc {none | enable | required}
hostname(config-group-webvpn)#
Note
Entering the no svc enable command does not terminate active SVC sessions.
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc enable
hostname(config-group-webvpn)#
Step 2
To enable compression of HTTP data over an SVC connection, for a specific group, enter the svc
compression command. By default, SVC compression is set to deflate (enabled). To disable compression
for a specific group, use the none keyword. To remove the svc compression command and cause the
value to be inherited, use the no form of the command:
hostname(config-group-webvpn)# svc compression {deflate | none}
hostname(config-group-webvpn)#
The following example disables SVC compression for the group policy named sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc compression none
hostname(config-group-webvpn)#
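As an added example (not part of the Cisco manual): a small Python audit that reads a saved configuration and reports, for each group policy, the svc and svc compression settings from Steps 1 and 2. It assumes the saved configuration indents each submode by one space; the sample text and the engineering and kiosk policies are constructed for illustration.

```python
import re

# Constructed sample; layout assumed to be one space of indentation per submode.
SAMPLE_CONFIG = """\
group-policy sales attributes
 webvpn
  svc enable
  svc compression none
group-policy engineering attributes
 webvpn
  svc required
group-policy kiosk attributes
 vpn-idle-timeout 30
"""

def audit_svc(config_text):
    """Return {policy: {"svc": ..., "compression": ...}}.
    None means the command is absent, so the value is inherited."""
    policies = {}
    current = None      # settings dict of the group policy being read
    in_webvpn = False   # True while inside that policy's webvpn submode
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():   # a top-level command ends any submode
            m = re.fullmatch(r"group-policy (\S+) attributes", line)
            current = None
            if m:
                current = policies.setdefault(
                    m.group(1), {"svc": None, "compression": None})
            in_webvpn = False
        elif current is not None:
            if len(raw) - len(raw.lstrip()) == 1:
                in_webvpn = (line == "webvpn")
            elif in_webvpn:
                m = re.fullmatch(r"svc (none|enable|required)", line)
                if m:
                    current["svc"] = m.group(1)
                m = re.fullmatch(r"svc compression (deflate|none)", line)
                if m:
                    current["compression"] = m.group(1)
    return policies

if __name__ == "__main__":
    for name, s in audit_svc(SAMPLE_CONFIG).items():
        print(f"{name}: svc={s['svc'] or 'inherited'}, "
              f"compression={s['compression'] or 'inherited'}")
```

A policy reported as inherited has no explicit command in its own webvpn block, so its effective value comes from wherever the policy inherits it.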
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01
