Cisco 5505 Administration Guide - Page 60
Chapter 6 Configuring AnyConnect Features Using CLI

Enabling DTLS Globally for a Specific Port

To enable DTLS globally for a particular port, use the dtls port command:

    [no] dtls port port_number

For example:

    hostname(config-webvpn)# dtls outside

Enabling DTLS for Specific Groups or Users

To enable DTLS for specific groups or users, use the svc dtls enable command in group policy webvpn or username webvpn configuration mode:

    [no] svc dtls enable

If DTLS is configured and UDP is interrupted, the remote user's connection automatically falls back from DTLS to TLS. The default is enabled; however, DTLS is not enabled by default on any individual interface.

Enabling DTLS allows the AnyConnect client establishing an AnyConnect VPN connection to use two simultaneous tunnels: an SSL tunnel and a DTLS tunnel. Using DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the performance of real-time applications that are sensitive to packet delays. If you do not enable DTLS, AnyConnect client users establishing SSL VPN connections connect only with an SSL VPN tunnel.

The following example enters group policy webvpn configuration mode for the group policy sales and enables DTLS:

    hostname(config)# enable inside
    hostname(config)# group-policy sales attributes
    hostname(config-group-policy)# webvpn
    hostname(config-group-webvpn)# svc dtls enable

Prompting Remote Users

You can enable the security appliance to prompt remote AnyConnect VPN client users to download the client with the svc ask command from group policy webvpn or username webvpn configuration modes:

    [no] svc ask {none | enable [default {webvpn | svc} timeout value]}

svc ask enable prompts the remote user to download the client or go to the WebVPN portal page and waits indefinitely for user response.

svc ask enable default svc immediately downloads the client.

svc ask enable default webvpn immediately goes to the portal page.

svc ask enable default svc timeout value prompts the remote user to download the client or go to the WebVPN portal page and waits the duration of value before taking the default action, downloading the client.

Cisco AnyConnect VPN Client Administrator Guide 6-2 OL-12950-012
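The following Python sketch is an added example, not part of the Cisco guide: it walks a configuration listing and reports, for each group policy or username, whether svc dtls is enabled (so you can see which scopes are limited to the TLS tunnel) and what svc ask will do. The sample listing, its indentation and the function names are constructed for illustration and assume the command forms shown on this page.

```python
import re
# Constructed sample mirroring this page's command forms (not from a real device).
SAMPLE_CONFIG = """\
group-policy sales attributes
 webvpn
  svc dtls enable
  svc ask enable default svc timeout 10
group-policy contractors attributes
 webvpn
  no svc dtls enable
  svc ask enable
username alice attributes
 webvpn
  svc ask enable default webvpn
"""
SCOPE = re.compile(r"^(group-policy|username) (\S+) attributes$")
ASK = re.compile(r"^svc ask (none|enable)(?: default (webvpn|svc))?(?: timeout (\d+))?$")

def describe_ask(mode, default, timeout):
    """Map a parsed svc ask line to the behaviour the page describes."""
    if mode == "none":
        return "none"
    if default is None:
        return "prompt, wait indefinitely"
    action = "download the client" if default == "svc" else "go to the portal page"
    if timeout is None:
        return f"immediately {action}"
    return f"prompt, then {action} after timeout {timeout}"

def audit(config_text):
    """Return {(kind, name): {"dtls": bool, "ask": str or None}} per scope."""
    results, current, in_webvpn = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # top-level line: a new scope or unrelated config
            m = SCOPE.match(line)
            current, in_webvpn = ((m.group(1), m.group(2)) if m else None), False
            if current:  # the page states svc dtls defaults to enabled
                results.setdefault(current, {"dtls": True, "ask": None})
        elif current and line == "webvpn":
            in_webvpn = True
        elif current and in_webvpn and line in ("svc dtls enable", "no svc dtls enable"):
            results[current]["dtls"] = not line.startswith("no ")
        elif current and in_webvpn and (m := ASK.match(line)):
            results[current]["ask"] = describe_ask(*m.groups())
    return results

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An "ask" value of None means no svc ask line was found for that scope; the script does not assume what the appliance does in that case.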