Enabling Dtls Globally For A Specific Port; Enabling Dtls For Specific Groups Or Users; Prompting Remote Users - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual


Enabling DTLS Globally for a Specific Port

To enable DTLS globally for a particular port, use the dtls port command:
[no] dtls port port_number
For example, using port 444 as a sample port number:
hostname(config-webvpn)# dtls port 444

Enabling DTLS for Specific Groups or Users

To enable DTLS for specific groups or users, use the svc dtls enable command in group policy webvpn
or username webvpn configuration mode:
[no] svc dtls enable
If DTLS is configured and UDP is interrupted, the remote user's connection automatically falls back
from DTLS to TLS. The default is enabled; however, DTLS is not enabled by default on any individual
interface.
Enabling DTLS allows the AnyConnect client establishing an AnyConnect VPN connection to use two
simultaneous tunnels—an SSL tunnel and a DTLS tunnel. Using DTLS avoids the latency and bandwidth
problems associated with some SSL connections and improves the performance of real-time applications
that are sensitive to packet delays.
If you do not enable DTLS, AnyConnect client users establishing SSL VPN connections connect only
with an SSL VPN tunnel.
The following example enables WebVPN on the inside interface, enters group policy webvpn
configuration mode for the group policy sales, and enables DTLS:
hostname(config-webvpn)# enable inside
hostname(config-webvpn)# exit
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc dtls enable

Prompting Remote Users

You can enable the security appliance to prompt remote AnyConnect VPN client users to download the
client with the svc ask command from group policy webvpn or username webvpn configuration modes:
[no] svc ask {none | enable [default {webvpn | svc} timeout value]}
svc ask enable prompts the remote user to download the client or go to the WebVPN portal page
and waits indefinitely for a user response.
svc ask enable default svc immediately downloads the client.
svc ask enable default webvpn immediately goes to the portal page.
svc ask enable default svc timeout value prompts the remote user to download the client or go to
the WebVPN portal page and waits the duration of value before taking the default
action—downloading the client.

Cisco AnyConnect VPN Client Administrator Guide
6-2
Chapter 6
Configuring AnyConnect Features Using CLI
OL-12950-012
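The three sections above spread the DTLS-related settings across global webvpn mode and per-group-policy webvpn mode, which makes it easy to end up with a policy that inherits a setting you did not intend. The following Python script is an added audit example, not code from the Cisco guide: it walks a constructed ASA running-config excerpt and reports the global dtls port, which interfaces have WebVPN enabled, whether each group policy explicitly enables or disables DTLS or simply inherits it, and what each group policy's svc ask setting means for the remote user according to the descriptions above. Assumptions made here and not stated on this page: the default DTLS port is taken to be 443 when no dtls port line is present; a disabled policy is assumed to appear as no svc dtls enable (the [no] form shown above); and the tls-only keyword on enable interface is the ASA option that restricts an interface to TLS, which the page does not show.

```python
"""Audit DTLS and svc ask settings in an ASA running-config excerpt (added example)."""
import re
from dataclasses import dataclass

# Constructed running-config excerpt for demonstration (not from the manual).
# Indentation follows the ASA convention of one space per nesting level.
SAMPLE_CONFIG = """\
webvpn
 enable outside
 enable inside tls-only
 dtls port 444
group-policy sales attributes
 webvpn
  svc dtls enable
  svc ask enable default svc timeout 20
group-policy contractors attributes
 webvpn
  no svc dtls enable
  svc ask enable default webvpn
group-policy guests attributes
 webvpn
  svc ask none
"""

DEFAULT_DTLS_PORT = 443  # assumption: ASA default when no 'dtls port' line is configured


@dataclass
class GroupPolicyReport:
    name: str
    dtls: str  # "enabled", "disabled", or "inherited" (no explicit line in the policy)
    ask: str   # what the remote user will experience, per the manual's svc ask descriptions


@dataclass
class DtlsAudit:
    dtls_port: int
    interfaces: dict  # interface name -> True if DTLS permitted, False if restricted with tls-only
    policies: list


def describe_svc_ask(args: str) -> str:
    """Translate the arguments of 'svc ask' into the behaviour the manual describes."""
    m = re.fullmatch(r"none|enable(?: default (webvpn|svc)(?: timeout (\d+))?)?", args.strip())
    if m is None:
        raise ValueError(f"unrecognised svc ask form: {args!r}")
    if m.group(0) == "none":
        return "no prompt"
    default, timeout = m.group(1), m.group(2)
    if default is None:
        return "prompt; wait indefinitely for the user"
    action = "download the client" if default == "svc" else "go to the WebVPN portal page"
    if timeout is None:
        return f"{action} immediately"
    return f"prompt; after {timeout} s, {action}"


def audit_dtls(config: str) -> DtlsAudit:
    """Walk an ASA running-config and collect the DTLS-relevant settings."""
    audit = DtlsAudit(dtls_port=DEFAULT_DTLS_PORT, interfaces={}, policies=[])
    top = None            # "webvpn" or "group-policy" while inside that top-level block
    in_gp_webvpn = False  # inside the nested 'webvpn' sub-mode of a group policy
    current = None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        line = raw.strip()
        if depth == 0:  # a new top-level block resets all nesting state
            top, in_gp_webvpn, current = None, False, None
            if line == "webvpn":
                top = "webvpn"
            else:
                m = re.fullmatch(r"group-policy (\S+) attributes", line)
                if m:
                    top = "group-policy"
                    current = GroupPolicyReport(m.group(1), "inherited", "inherited")
                    audit.policies.append(current)
            continue
        if top == "webvpn":
            m = re.fullmatch(r"enable (\S+)( tls-only)?", line)
            if m:
                audit.interfaces[m.group(1)] = m.group(2) is None
                continue
            m = re.fullmatch(r"dtls port (\d+)", line)
            if m:
                audit.dtls_port = int(m.group(1))
            continue
        if top == "group-policy":
            if depth == 1:
                in_gp_webvpn = (line == "webvpn")
                continue
            if in_gp_webvpn and depth == 2:
                if line == "svc dtls enable":
                    current.dtls = "enabled"
                elif line == "no svc dtls enable":
                    current.dtls = "disabled"
                elif line.startswith("svc ask "):
                    current.ask = describe_svc_ask(line[len("svc ask "):])
    return audit


if __name__ == "__main__":
    report = audit_dtls(SAMPLE_CONFIG)
    print(f"DTLS port: {report.dtls_port}")
    for name, dtls_ok in report.interfaces.items():
        print(f"interface {name}: DTLS {'permitted' if dtls_ok else 'restricted (tls-only)'}")
    for p in report.policies:
        print(f"group-policy {p.name}: DTLS {p.dtls}; svc ask -> {p.ask}")
```

A policy reported as "inherited" takes whatever the default group policy specifies, so the audit is only conclusive once that policy's webvpn section is included in the excerpt as well; the script reports the gap rather than guessing.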
