Cisco 5505 Administration Guide - Page 78
Configuring the ServerList Attribute, Configuring the Certificate Match Attribute
Configuring Profile Attributes
Chapter 7 Configuring and Using AnyConnect Client Operating Modes and User Profiles

You must also specify on the security appliance that you want to allow SBL (or any other modules for additional features). For how to do this, see the section Enabling Modules for Additional AnyConnect Features, page 5-5 (ASDM) or Enabling Modules for Additional AnyConnect Features, page 6-4 (CLI).

Configuring the ServerList Attribute

One of the main uses of the profile is to supply a user of the client with a list of hosts to which they can connect. The user then selects the appropriate server. This server list consists of host name and host address pairs. The host name can be an alias used to refer to the host, an FQDN, or an IP address. If an FQDN or IP address is used, a HostAddress element is not required.

In establishing a connection, the host address is used as the connection address unless it is not supplied. This allows the host name to be an alias or other name that need not be directly tied to a network addressable host. If no host address is supplied, the connection attempt tries to connect to the host name.

As part of the definition of the server list, a default server can be specified. This default server is identified as such the first time a user attempts a connection using the client. If a user connects with a server other than the default, then for this user the new default is the selected server. The user selection does not alter the contents of the profile. Instead, the user selection is entered into the user preferences.

    <ServerList>
      <HostEntry>
        <HostName>MarketingASA01</HostName>
        <HostAddress>209.165.200.224</HostAddress>
      </HostEntry>
      <HostEntry>
        <HostName>EngineeringASA01</HostName>
        <HostAddress>209.165.200.225</HostAddress>
      </HostEntry>
    </ServerList>

Configuring the Certificate Match Attribute

The AnyConnect client supports the following certificate match types. Some or all of these may be used for client certificate matching. Certificate matching criteria are global and can be set in an AnyConnect profile.

The criteria are:
• Key Usage
• Extended Key Usage
• Distinguished Name

Certificate Key Usage Matching

Certificate key usage offers a set of constraints on the broad types of operations that can be performed with a given certificate. The supported set includes:
• DIGITAL_SIGNATURE
• NON_REPUDIATION
• KEY_ENCIPHERMENT

7-12 Cisco AnyConnect VPN Client Administrator Guide OL-12950-012
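The ServerList rule described above (HostAddress is the connection address, with HostName as the fallback) can be audited before a profile is deployed. The following is an added example, not code from the Cisco guide: the function names are hypothetical, the sample profile is constructed from the page's two entries plus two test entries, and the FQDN check is a simple heuristic.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the page's two entries plus two without HostAddress.
SAMPLE_PROFILE = """
<ServerList>
  <HostEntry>
    <HostName>MarketingASA01</HostName>
    <HostAddress>209.165.200.224</HostAddress>
  </HostEntry>
  <HostEntry>
    <HostName>EngineeringASA01</HostName>
    <HostAddress>209.165.200.225</HostAddress>
  </HostEntry>
  <HostEntry><HostName>vpn.example.com</HostName></HostEntry>
  <HostEntry><HostName>SalesASA01</HostName></HostEntry>
</ServerList>
"""

def classify(name):
    """Return 'ip', 'fqdn' or 'alias' for a HostName value."""
    try:
        ipaddress.ip_address(name)
        return "ip"
    except ValueError:
        # Assumption: a dotted name is treated as an FQDN, anything else as an alias.
        return "fqdn" if "." in name else "alias"

def audit_server_list(xml_text):
    """Return a list of (host_name, connection_target, warning) per HostEntry."""
    results = []
    for entry in ET.fromstring(xml_text).iter("HostEntry"):
        name = (entry.findtext("HostName") or "").strip()
        addr = (entry.findtext("HostAddress") or "").strip()
        # Rule from the text: HostAddress is the connection address;
        # if it is not supplied, the client connects to HostName.
        target = addr or name
        warning = None
        if not addr and classify(name) == "alias":
            # The alias itself becomes the connection target, so the
            # connection depends on how the endpoint resolves that name.
            warning = "alias without HostAddress"
        results.append((name, target, warning))
    return results

if __name__ == "__main__":
    for name, target, warning in audit_server_list(SAMPLE_PROFILE):
        print(f"{name:20} -> {target:20} {warning or ''}")
```

Reviewing the resolved target next to the displayed name shows exactly where each menu entry will connect, which the alias alone does not reveal.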