Configuring The Dynamic Access Policies Feature Of The Security Appliance; Cisco Secure Desktop Support; Enabling Anyconnect Rekey - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual
Administration guide
Hide thumbs
Also See for 5505 - ASA Firewall Edition Bundle:
- Configuration manual (1822 pages) ,
- Getting started manual (168 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Configuring, Enabling, and Using Other AnyConnect Features
Changing Compression for Groups and Users
To change compression for a specific group or user, use the svc compression command in the
group-policy and username webvpn modes:
By default, for groups and users, SSL compression is set to deflate (enabled).
To remove the svc compression command from the configuration and cause the value to be inherited
from the global setting, use the no form of the command:
The following example disables compression for the group-policy sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc compression none
Note
Configuring the Dynamic Access Policies Feature of the Security Appliance
On the security appliance, you can configure authorization that addresses the variables of multiple group
membership and endpoint security for VPN connections. There is no specific configuration of
AnyConnect required to use dynamic access policies. For detailed information about configuring
dynamic access policies, see Cisco ASDM User Guide, Cisco Security Appliance Command Line
Configuration Guide, or Cisco Security Appliance Command Reference.
Cisco Secure Desktop Support
Cisco Secure Desktop validates the security of client computers requesting access to your SSL VPN,
helps ensure they remain secure while they are connected, and attempts to remove traces of the session
after they disconnect. The Cisco AnyConnect VPN Client supports the Secure Desktop functions of
Cisco Secure Desktop for Windows 2000 and Windows XP. There is no specific configuration of
AnyConnect required to use Secure Desktop. For detailed information about configuring Cisco Secure
Desktop, see the Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators
(Software Release 3.2).
Enabling AnyConnect Rekey
Configuring AnyConnect Rekey specifies that SSL renegotiation takes place during rekey.
When the security appliance and the SSL VPN client perform a rekey, they renegotiate the crypto keys
and initialization vectors, increasing the security of the connection.
To enable the client to perform a rekey on an SSL VPN connection for a specific group or user, use the
svc rekey command from group-policy and username webvpn modes.
Cisco AnyConnect VPN Client Administrator Guide
6-6
svc compression {deflate | none}
no svc compression {deflate | none}
For compression to work, both the compression svc command (configured from global
configuration mode) and the svc compression command (configured in group-policy and
username webvpn modes) must be enabled. If either command is set to none or to the no form,
compression is disabled.
Chapter 6
Configuring AnyConnect Features Using CLI
OL-12950-012
Advertisement
Table of Contents
