Cisco Systems OL-16647-01 Network Router User Manual


 
35-8
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Group Policies
Manage—Opens the Browse Time Range dialog box, on which you can add, edit, or delete a time
range.
Simultaneous Logins—Specifies the maximum number of simultaneous logins allowed for this user.
The default value is 3. The minimum value is 0, which disables login and prevents user access.
Note: While there is no maximum limit, allowing several simultaneous connections might compromise
security and affect performance.
Restrict Access to VLAN—(Optional) Also called “VLAN mapping,” this parameter specifies the
egress VLAN interface for sessions to which this group policy applies. The security appliance
forwards all traffic on this group to the selected VLAN. Use this attribute to assign a VLAN to the
group policy to simplify access control. Assigning a value to this attribute is an alternative to using
ACLs to filter traffic on a session. In addition to the default value (Unrestricted), the drop-down list
shows only the VLANs that are configured on this security appliance.
Note: This feature works for HTTP connections, but not for FTP and CIFS.
Maximum Connect Time—If the Inherit check box is not selected, this parameter specifies the
maximum user connection time in minutes. At the end of this time, the system terminates the
connection. The minimum is 1 minute, and the maximum is 35791394 minutes (over 4000 years).
To allow unlimited connection time, select Unlimited (the default).
Idle Timeout—If the Inherit check box is not selected, this parameter specifies this user’s idle
timeout period in minutes. If there is no communication activity on the user’s connection in this
period, the system terminates the connection. The minimum time is 1 minute, and the maximum time
is 10080 minutes. The default is 30 minutes. To allow unlimited connection time, select Unlimited.
This value does not apply to Clientless SSL VPN users.
On smart card removal—With the default option, Disconnect, the client tears down the connection
if the smart card used for authentication is removed. Click Keep the connection if you do not want
to require users to keep their smart cards in the computer for the duration of the connection.
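The limits described above can be checked against an exported configuration. The following is an added example, not part of the Cisco guide: it assumes the ASA CLI keywords vpn-simultaneous-logins, vpn-idle-timeout, vpn-session-timeout and smartcard-removal-disconnect correspond to the fields above, and the sample configuration and the choice of what to list for review are constructed for illustration.

```python
import re
# Ranges and defaults as stated in the guide text above.
LOGINS_DEFAULT = 3
LIMITS = {"vpn-idle-timeout": 10080, "vpn-session-timeout": 35791394}
# Constructed sample configuration; the policy names are hypothetical.
SAMPLE = """\
group-policy Contractors attributes
 vpn-simultaneous-logins 10
 vpn-idle-timeout none
 vpn-session-timeout none
 smartcard-removal-disconnect disable
group-policy Staff attributes
 vpn-simultaneous-logins 3
 vpn-idle-timeout 30
 vpn-session-timeout 480
"""

def parse(config):
    """Map each 'group-policy NAME attributes' block to {attribute: value}."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif current is not None and line.startswith(" ") and len(line.split()) >= 2:
            key, value = line.split()[:2]
            current[key] = value
        elif not line.startswith(" "):
            current = None  # a top-level line ends the attributes block
    return policies

def audit(config):
    """Return (policy, message) review items; absent attributes are inherited."""
    items = []
    for name, attrs in parse(config).items():
        logins = attrs.get("vpn-simultaneous-logins", "")
        if logins == "0":
            items.append((name, "simultaneous logins 0: login disabled"))
        elif logins.isdigit() and int(logins) > LOGINS_DEFAULT:
            items.append((name, f"simultaneous logins {logins} above default"))
        for key, maximum in LIMITS.items():
            value = attrs.get(key, "")
            if value == "none":
                items.append((name, f"{key} is unlimited"))
            elif value.isdigit() and not 1 <= int(value) <= maximum:
                items.append((name, f"{key} {value} outside 1-{maximum}"))
        if attrs.get("smartcard-removal-disconnect") == "disable":
            items.append((name, "connection kept after smart card removal"))
    return items
```

Calling audit(SAMPLE) lists four review items, all for the Contractors policy.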
Modes
The following table shows the modes in which this feature is available:

Firewall Mode: Routed | Transparent
Security Context: Single | Multiple (Context | System)
——

Configuring the Portal for a Group Policy
The Portal attributes determine what appears on the portal page for members of this group policy
establishing Clientless SSL VPN connections. On this pane, you can enable Bookmark lists and URL
Entry, file server access, Port Forwarding and Smart Tunnels, ActiveX Relay, and HTTP settings.