Cisco 5505 Administration Guide - Page 63
Configuring, Enabling, and Using Other AnyConnect Features, Configuring Certificate-only Authentication, Using Compression - default password
Chapter 6 Configuring AnyConnect Features Using CLI

Configuring, Enabling, and Using Other AnyConnect Features

The following sections describe how to configure other AnyConnect features. Some features, such as Secure Desktop and dynamic access policies, do not require that you specifically configure the AnyConnect client to interact with that feature. Rather, all configuration for those features occurs on the security appliance or within the software package itself.

Configuring Certificate-only Authentication

You can specify whether you want users to authenticate using AAA with a username and password or using a digital certificate (or both). When you configure certificate-only authentication, users can connect with a digital certificate and are not required to provide a user ID and password.

To configure certificate-only authentication using CLI, use the authentication command with the keyword certificate in tunnel-group webvpn mode. For example:

    hostname(config)# tunnel-group testgroup webvpn-attributes
    asa2(config-tunnel-webvpn)# authentication ?
    asa2(config-tunnel-webvpn)# authentication certificate

Note: You must configure ssl certificate-authentication interface port for this option to take effect.

To configure certificate-only authentication using ASDM, select Configuration > Remote Access > Network (Client) Access > SSL VPN Connection Profiles, and in the Connection Profiles area, select Add or Edit. This displays the Add or Edit SSL VPN Connect Profile dialog box with the Basic option selected. In the Authentication area, specify only Certificate as the Method.

Using Compression

On low-bandwidth connections, compression increases the communications performance between the security appliance and the client by reducing the size of the packets being transferred. By default, compression for all SSL VPN connections is enabled on the security appliance, both at the global level and for specific groups or users. For broadband connections, compression might result in poorer performance.

You can configure compression globally using the compression svc command from global configuration mode. You can also configure compression for specific groups or users with the svc compression command in group-policy and username webvpn modes. The global setting overrides the group-policy and username settings.

Changing Compression Globally

To change the global compression settings, use the compression svc command from global configuration mode:

    compression svc
    no compression svc

To remove the command from the configuration, use the no form of the command.

In the following example, compression is disabled for all SSL VPN connections globally:

    hostname(config)# no compression svc

OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 6-5
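Added example (not part of the Cisco guide): a small audit script for the dependency stated in the note under Configuring Certificate-only Authentication. It lists tunnel groups set to authentication certificate and reports them as ineffective when no ssl certificate-authentication command is present. The running-config excerpt, the interface name "outside", port 443, and the group "staff" are constructed sample values.

```python
import re

# Constructed running-config excerpt (not from the guide). The interface
# name "outside" and port 443 are assumed values for illustration.
SAMPLE_OK = """\
ssl certificate-authentication interface outside port 443
tunnel-group testgroup webvpn-attributes
 authentication certificate
tunnel-group staff webvpn-attributes
 group-alias staff enable
"""
SAMPLE_MISSING = SAMPLE_OK.split("\n", 1)[1]  # same config without the ssl line

GROUP_RE = re.compile(r"^tunnel-group (\S+) webvpn-attributes\s*$")
SSL_RE = re.compile(r"^ssl certificate-authentication interface \S+ port \d+\s*$")


def audit_cert_auth(config: str) -> dict:
    """Return cert-auth tunnel groups and whether the ssl prerequisite exists."""
    cert_groups, current, ssl_enabled = [], None, False
    for line in config.splitlines():
        if not line.startswith(" "):          # top-level command ends any sub-mode
            current = None
            m = GROUP_RE.match(line)
            if m:
                current = m.group(1)
            elif SSL_RE.match(line):
                ssl_enabled = True
        elif current and line.split()[:1] == ["authentication"]:
            # Sub-mode line such as " authentication certificate"
            if "certificate" in line.split()[1:]:
                cert_groups.append(current)
    # Per the guide's note, 'authentication certificate' has no effect
    # unless ssl certificate-authentication is configured.
    ineffective = [] if ssl_enabled else list(cert_groups)
    return {"cert_groups": cert_groups, "ssl_enabled": ssl_enabled,
            "ineffective": ineffective}


if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("missing", SAMPLE_MISSING)):
        print(name, audit_cert_auth(cfg))
```

Feed it the text of a saved running configuration; any group listed under "ineffective" needs the ssl certificate-authentication command before certificate-only login applies.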