Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
Configuring SSL VPN Client Connections
Keep Installer on Client System—Enable to allow permanent client installation on the remote
computer. Enabling this option disables the automatic uninstalling feature of the client. The client remains
installed on the remote computer for subsequent connections, reducing the connection time for the
remote user.
Compression—Compression increases the communications performance between the security
appliance and the client by reducing the size of the packets being transferred.
Datagram Transport Layer Security (DTLS)—DTLS avoids latency and bandwidth problems
associated with some SSL connections and improves the performance of real-time applications that
are sensitive to packet delays.
Keepalive Messages—Enter a number, from 15 to 600 seconds, in the Interval field to enable and
adjust the interval of keepalive messages to ensure that a connection through a proxy, firewall, or
NAT device remains open, even if the device limits the time that the connection can be idle.
Adjusting the interval also ensures that the client does not disconnect and reconnect when the remote
user is not actively running a socket-based application, such as Microsoft Outlook or Microsoft
Internet Explorer.
MTU—Adjusts the MTU size for SSL connections. Enter a value in bytes, from 256 to 1410 bytes.
By default, the MTU size is adjusted automatically based on the MTU of the interface that the
connection uses, minus the IP/UDP/DTLS overhead.
Client Profile to Download—A profile is a group of configuration parameters that the AnyConnect
client uses to configure the connection entries that appear in the user interface, including the names
and addresses of host computers.
Optional Client Module to Download—To minimize download time, the AnyConnect client only
requests downloads (from the security appliance) of modules that it needs for each feature that it
supports. You must specify the names of modules that enable other features, such as sbl to enable
the feature Start Before Logon (SBL).
For a list of values to enter for each client feature, see the release notes for the
Cisco AnyConnect VPN Client.
Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——
Login Setting
In this window, you can enable the security appliance to prompt remote users to download the
AnyConnect client. Figure 35-1 shows the prompt displayed: