Cisco FirePOWER ASA 5500 series Configuration Manual page 639
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
To enable the security appliance to download SVC files to remote computers, enter the svc enable
Step 1
command. By default, this command is disabled. The security appliance does not download SVC files.
To remove the svc enable command from the configuration, use the no form of this command.
hostname(config-username-webvpn)# svc {none | enable | required}
hostname(config-username-webvpn)#
Entering the no svc enable command does not terminate active SVC sessions.
Note
hostname(config)# username sales attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# svc enable
hostname(config-username-webvpn)#
Step 2
To enable compression of HTTP data over an SVC connection, for a specific user, enter the svc
compression command. By default, SVC compression is set to deflate (enabled). To disable compression
for a specific user, use the none keyword. To remove the svc compression command and cause the value
to be inherited, use the no form of the command:
hostname(config-username-webvpn)# svc compression {deflate | none}
hostname(config-username-webvpn)#
The following example disables SVC compression for the user named sales:
hostname(config)# username sales attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# svc compression none
hostname(config-username-webvpn)#
Step 3
To enable dead-peer-detection (DPD) on the security appliance and to set the frequency with which
either the SVC or the security appliance performs DPD, use the svc dpd-interval command. To remove
the svc dpd-interval command from the configuration, use the no form of the command. To disable SVC
DPD for this user, use the none keyword:
hostname(config-username-webvpn)# svc dpd-interval {[gateway {seconds | none}] | [client
{seconds | none}]}
hostname(config-username-webvpn)#
DPD checking is disabled by default.
The gateway refers to the security appliance. You can specify the frequency with which the security
appliance performs the DPD test as a range of from 30 to 3600 seconds (1 hour). Specifying none
disables the DPD testing that the security appliance performs.
The client refers to the SVC. You can specify the frequency with which the client performs the DPD test
as a range of from 30 to 3600 seconds (1 hour). Specifying none disables the DPD testing that the client
performs.
In the following example, the user configures the DPD frequency performed by the security appliance
(gateway) to 3000 seconds, and the DPD frequency performed by the client to 1000 seconds for the
existing user named sales:
hostname(config)# username sales attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# svc dpd-interval gateway 3000
hostname(config-username-webvpn)# svc dpd-interval client 1000
hostname(config-username-webvpn)#
OL-10088-01
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
30-85
Advertisement
Table of Contents
Troubleshooting
