Cisco Systems OL-16647-01 Network Router User Manual


35-38
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Configuring SSL VPN Client Connections
Note: This does not change the number of days before the password expires, but rather, it enables
the notification. If you select this option, you must also specify the number of days.
Modes
The following table shows the modes in which this feature is available:
Configuring SSL VPN Client Connections
The Cisco AnyConnect VPN Client provides secure SSL connections to the security appliance for
remote users. The client gives remote users the benefits of an SSL VPN client without the need for
network administrators to install and configure clients on remote computers.
Without a previously installed client, remote users enter in their browser the IP address of an interface
configured to accept SSL VPN connections. Unless the security appliance is configured to redirect http://
requests to https://, users must enter the URL in the form https://<address>.
After the user enters the URL, the browser connects to that interface and displays the login screen. If the
user logs in and authenticates successfully, and the security appliance identifies the user as requiring the
client, it downloads the client that matches the operating system of the remote computer. After
downloading, the client installs and configures itself, establishes a secure SSL connection, and either
remains installed or uninstalls itself (depending on the security appliance configuration) when the
connection terminates.
In the case of a previously installed client, when the user authenticates, the security appliance examines
the revision of the client, and upgrades the client as necessary.
When the client negotiates an SSL VPN connection with the security appliance, it connects using
Transport Layer Security (TLS), and optionally, Datagram Transport Layer Security (DTLS). DTLS
avoids latency and bandwidth problems associated with some SSL connections and improves the
performance of real-time applications that are sensitive to packet delays.
The AnyConnect client can be downloaded from the security appliance, or it can be installed manually
on the remote PC by the system administrator. For more information about installing the client manually,
see the Cisco AnyConnect VPN Client Release Notes.
The security appliance downloads the client based on the group policy or username attributes of the user
establishing the connection. You can configure the security appliance to automatically download the
client, or you can configure it to prompt the remote user about whether to download the client. In the
latter case, if the user does not respond, you can configure the security appliance to either download the
client after a timeout period or present the login page.
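The following audit script is an added example, not part of the Cisco manual: it reads a saved running-config and reports, per group policy, the download prompt, timeout action, installer retention and DTLS settings described above, plus whether http:// requests are redirected. The keyword spellings (`http redirect`, `svc ask`, `svc keep-installer`, `svc dtls enable`) are assumed to be the ASA 8.x CLI equivalents of these ASDM fields, and the policy names and sample config are constructed.

```python
import re

# Constructed running-config excerpt; ASA 8.x CLI keywords are an assumption (page shows only ASDM).
SAMPLE_CONFIG = """\
http redirect outside 80
group-policy RemoteUsers attributes
 webvpn
  svc ask enable default svc timeout 20
  svc keep-installer installed
  svc dtls enable
group-policy Contractors attributes
 webvpn
  svc ask none default webvpn
  svc keep-installer none
"""

ASK = re.compile(r"svc ask (none|enable)(?: default (webvpn|svc))?(?: timeout (\d+))?")

def audit(config):  # redirect interfaces plus per-group-policy client download settings
    report = {"http_redirect": [], "policies": {}}
    policy = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command closes any policy block
            m = re.fullmatch(r"group-policy (\S+) attributes", line)
            policy = m.group(1) if m else None
            if policy:
                report["policies"][policy] = {"prompt": False, "on_timeout": None,
                    "timeout": None, "keep_installer": None, "dtls": False}
            elif line.startswith("http redirect "):
                report["http_redirect"].append(line.split()[2])
        elif policy:
            p, m = report["policies"][policy], ASK.fullmatch(line)
            if m:  # prompt on/off, what happens by default, and after how many seconds
                p.update(prompt=m.group(1) == "enable", on_timeout=m.group(2),
                         timeout=int(m.group(3)) if m.group(3) else None)
            elif line.startswith("svc keep-installer "):
                p["keep_installer"] = line.split()[-1]
            elif line == "svc dtls enable":
                p["dtls"] = True
    return report

def findings(report):  # user-visible consequences of the parsed settings
    notes = []
    if not report["http_redirect"]:
        notes.append("no http redirect: users must enter https://<address>")
    for name, p in sorted(report["policies"].items()):
        if p["keep_installer"] == "none":
            notes.append(f"{name}: client uninstalls itself when the connection ends")
    return notes
```

Only settings that appear explicitly in the config are reported; a value of `None` or `False` means the line was absent, not that the appliance default is off.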
Fields
Inherit—(Multiple instances) Indicates that the corresponding setting takes its value from the
default group policy, rather than from the explicit specifications that follow. This is the default
setting for all attributes in this pane.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——