Cisco 5505 Administration Guide - Page 45
Cisco 5505 - ASA Firewall Edition Bundle Manual
UPC - 882658082252
Page 45 highlights
Chapter 5 Configuring AnyConnect Features Using ASDM

Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections

If you do not enable DTLS, AnyConnect client users establishing SSL VPN connections connect only with an SSL VPN tunnel. To enable DTLS, use the Datagram TLS setting in either Group Policy or Username. The paths to this setting are:

• Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client
• Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client
• Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client

Figure 5-2 shows an example of configuring the DTLS setting for an internal group policy.

Figure 5-2 Enabling or Disabling DTLS

Note: When using the AnyConnect client with DTLS on the security appliance, Dead Peer Detection must be enabled in the group policy on the security appliance to allow the AnyConnect client to fall back to TLS, if necessary. Fallback to TLS occurs if the AnyConnect client cannot send data over the UDP/DTLS session, and the DPD mechanism is necessary for fallback to occur.

OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 5-3
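One way to audit the DTLS/DPD requirement in the note above across an exported running configuration. This is an added example, not part of the Cisco guide. It assumes the CLI equivalents of the ASDM settings ("svc dtls enable" and "svc dpd-interval", or "anyconnect ssl dtls enable" and "anyconnect dpd-interval" on later releases); the function name audit_dtls_dpd and the sample policy names are constructed for illustration.

```python
import re

# Constructed sample; the page shows only ASDM paths, so this CLI text is assumed.
SAMPLE_CONFIG = """\
group-policy Sales attributes
 webvpn
  svc dtls enable
  svc dpd-interval client none
  svc dpd-interval gateway 30
group-policy Eng attributes
 webvpn
  svc dtls enable
  svc dpd-interval client 30
group-policy Legacy attributes
 webvpn
  no svc dtls enable
  svc dpd-interval client none
"""

CMD = r"(?:svc|anyconnect)"  # keyword differs between older and later releases


def audit_dtls_dpd(config_text):
    """Return {policy: [sides with DPD 'none']} for policies with DTLS enabled."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"group-policy (\S+) attributes$", line)
        if m:
            current = policies.setdefault(m.group(1), {"dtls": None, "dpd": {}})
            continue
        if raw and not raw[0].isspace():
            current = None  # any other top-level command ends the policy block
        if current is None:
            continue
        m = re.match(rf"(no )?{CMD} (?:ssl )?dtls enable$", line)
        if m:
            current["dtls"] = m.group(1) is None  # "no ..." means disabled
        m = re.match(rf"{CMD} dpd-interval (client|gateway) (\S+)$", line)
        if m:
            current["dpd"][m.group(1)] = m.group(2)
    findings = {}
    for name, p in policies.items():
        # Only explicit settings are judged; inherited or default values are not.
        off = sorted(side for side, v in p["dpd"].items() if v == "none")
        if p["dtls"] and off:
            findings[name] = off
    return findings
```

A policy listed in the result has DTLS explicitly enabled with DPD explicitly disabled on the named side, so clients in that group cannot fall back to TLS when the UDP path fails. Policies that inherit either setting are not reported and need a manual check.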