Enabling Permanent Svc Installation - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Enabling Permanent SVC Installation
First exit to global configuration mode, and then enter the tunnel-group name webvpn-attributes
command to enter tunnel group webvpn attributes mode.
In the following example, the user enters webvpn attributes configuration mode for the tunnel group
telecommuters, and creates the group alias sales_department:
hostname(config)# tunnel-group telecommuters webvpn-attributes
hostname(config-tunnel-webvpn)# group-alias sales_department enable
Step 7
Enable the display of the tunnel-group list on the WebVPN Login page from webvpn mode:
First exit to global configuration mode, and then enter webvpn mode.
In the following example, the enters webvpn mode, and then enables the tunnel group list:
hostname(config)# webvpn
hostname(config-webvpn)# tunnel-group-list enable
Identify WebVPN as a permitted VPN tunneling protocol for the group or user with the
Step 8
vpn-tunnel-protocol webvpn command in group-policy mode or username mode:
To do this, first exit to global configuration mode, enter the group-policy name attributes command to
enter group-policy mode, or the username name attributes command to enter username mode, and then
enter the webvpn command to enter webvpn mode and change the WebVPN settings for the group or
user.
The following example identifies WebVPN as a permitted tunneling protocol for the group-policy sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# vpn-tunnel-protocol webvpn
Enable or require an SVC for a specific group or user by using the svc command from either
Step 9
group-policy webvpn mode or username webvpn mode:
The following example sets the SVC to required for the existing group-policy sales:
hostname(config-group-webvpn)# svc required
For more information about assigning users to group policies, see
Groups, Group Policies, and
Enabling Permanent SVC Installation
Enabling permanent SVC installation disables the automatic uninstalling feature of the SVC. The SVC
remains installed on the remote computer for subsequent SVC connections, reducing the SVC
connection time for the remote user.
To enable permanent SVC installation for a specific group or user, use the svc keep-installer command
from group-policy or username webvpn modes:
Where:
installed specifies the SVC is permanently installed on the remote computer.
Cisco Security Appliance Command Line Configuration Guide
38-4
tunnel-group-list enable
vpn-tunnel-protocol webvpn
svc {none | enable | required}
Users".
svc keep-installer {installed | none}
no svc keep-installer {installed | none}
Chapter 38
Configuring SSL VPN Client
Chapter 30, "Configuring Tunnel
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
