Cisco 5505 Administration Guide - Page 64
Configuring the Dynamic Access Policies Feature of the Security Appliance, Cisco Secure Desktop - asa
UPC - 882658082252
View all Cisco 5505 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 64 highlights
Configuring, Enabling, and Using Other AnyConnect Features Chapter 6 Configuring AnyConnect Features Using CLI Changing Compression for Groups and Users To change compression for a specific group or user, use the svc compression command in the group-policy and username webvpn modes: svc compression {deflate | none} no svc compression {deflate | none} By default, for groups and users, SSL compression is set to deflate (enabled). To remove the svc compression command from the configuration and cause the value to be inherited from the global setting, use the no form of the command: The following example disables compression for the group-policy sales: hostname(config)# group-policy sales attributes hostname(config-group-policy)# webvpn hostname(config-group-webvpn)# svc compression none Note For compression to work, both the compression svc command (configured from global configuration mode) and the svc compression command (configured in group-policy and username webvpn modes) must be enabled. If either command is set to none or to the no form, compression is disabled. Configuring the Dynamic Access Policies Feature of the Security Appliance On the security appliance, you can configure authorization that addresses the variables of multiple group membership and endpoint security for VPN connections. There is no specific configuration of AnyConnect required to use dynamic access policies. For detailed information about configuring dynamic access policies, see Cisco ASDM User Guide, Cisco Security Appliance Command Line Configuration Guide, or Cisco Security Appliance Command Reference. Cisco Secure Desktop Support Cisco Secure Desktop validates the security of client computers requesting access to your SSL VPN, helps ensure they remain secure while they are connected, and attempts to remove traces of the session after they disconnect. The Cisco AnyConnect VPN Client supports the Secure Desktop functions of Cisco Secure Desktop for Windows 2000 and Windows XP. There is no specific configuration of AnyConnect required to use Secure Desktop. For detailed information about configuring Cisco Secure Desktop, see the Cisco Secure Desktop Configuration Guide for Cisco ASA 5500 Series Administrators (Software Release 3.2). Enabling AnyConnect Rekey Configuring AnyConnect Rekey specifies that SSL renegotiation takes place during rekey. When the security appliance and the SSL VPN client perform a rekey, they renegotiate the crypto keys and initialization vectors, increasing the security of the connection. To enable the client to perform a rekey on an SSL VPN connection for a specific group or user, use the svc rekey command from group-policy and username webvpn modes. Cisco AnyConnect VPN Client Administrator Guide 6-6 OL-12950-012