Configuring User Attributes - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 30 Configuring Tunnel Groups, Group Policies, and Users
The default is that permanent installation of the SVC is disabled. The SVC uninstalls from the remote
computer at the end of the SVC session.
The following example configures the security appliance to keep the SVC installed on the remote
computer for this group:
hostname(config-group-webvpn)# svc keep-installer installed
hostname(config-group-webvpn)#
Step 6 To enable the SVC to perform a rekey on an SVC session, use the svc rekey command. To disable rekey
and remove the command from the configuration, use the no form of this command:
hostname(config-group-webvpn)# svc rekey {method {ssl | new-tunnel} | time minutes |
none}}
hostname(config-group-webvpn)# no svc rekey {method {ssl | new-tunnel} | time minutes |
none}}
hostname(config-group-webvpn)#
By default, SVC rekey is disabled.
Specifying the method as new-tunnel specifies that the SVC establishes a new tunnel during SVC rekey.
Specifying the method as none disables SVC rekey. Specifying the method as ssl specifies that SSL
renegotiation takes place during SVC rekey. instead of specifying the method, you can specify the time;
that is, the number of minutes from the start of the session until the re-key takes place, from 1 through
10080 (1 week).
For the no form of the command, only the minimum is necessary, as the following example shows:
hostname(config-username-webvpn)# no svc rekey method
hostname(config-username-webvpn)#
If, however, you specify the method as new-tunnel:
hostname(config-username-webvpn)# no svc rekey method new-tunnel
hostname(config-username-webvpn)#
but the current method is ssl, then the command fails, because the values don't match.
In the following example, the user configures the SVC to renegotiate with SSL during rekey and
configures the rekey to occur 30 minutes after the session begins:
hostname(config-group-webvpn)# svc rekey method ssl
hostname(config-group-webvpn)# svc rekey time 30
hostname(config-group-webvpn)#

Configuring User Attributes

This section describes user attributes and how to configure them. It includes the following sections:
•
•
By default, users inherit all user attributes from the assigned group policy. The security appliance also
lets you assign individual attributes at the user level, overriding values in the group policy that applies
to that user. For example, you can specify a group policy giving all users access during business hours,
but give a specific user 24-hour access.
OL-10088-01
Viewing the Username Configuration, page 30-70
Configuring Attributes for Specific Users, page 30-70
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
30-69