35-81
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
System Options
You can require an access rule to apply to the local IP addresses by unchecking this option. The
access rule applies to the local IP address, and not to the original client IP address used before the
VPN packet was decrypted.
Limit the maximum number of active IPSec VPN sessions—Enables or disables limiting the
maximum number of active IPSec VPN sessions. The range depends on the hardware platform and
the software license.
Maximum Active IPSec VPN Sessions—Specifies the maximum number of active IPSec VPN
sessions allowed. This field is active only when you select the preceding check box to limit the
maximum number of active IPSec VPN sessions.
L2TP Tunnel Keep-alive Timeout—Specifies the frequency, in seconds, of keepalive messages. The
range is 10 through 300 seconds. The default is 60 seconds.
Preserve stateful VPN flows when tunnel drops for Network-Extension Mode (NEM)—Enables or
disables preserving IPsec tunneled flows in Network-Extension Mode. With the persistent IPsec
tunneled flows feature enabled, as long as the tunnel is recreated within the timeout window, data
continues flowing successfully because the security appliance still has access to the state
information. This option is disabled by default.
Note Tunneled TCP flows are not dropped, so they rely on the TCP timeout for cleanup. However, if
the timeout is disabled for a particular tunneled flow, that flow remains in the system until being
cleared manually or by other means (for example, by a TCP RST from the peer).
Modes
The following table shows the modes in which this feature is available:

Firewall Mode           Security Context
Routed   Transparent    Single   Multiple Context   System
——

Configuring SSL VPN Connections, Advanced
The advanced options include configuring split tunneling, IE browser proxy, and group-policy related
attributes for SSL VPN/AnyConnect clients and IPSec clients.
Configuring Split Tunneling
Split tunneling lets you specify that certain data traffic is encrypted (“goes through the tunnel”), while
the remainder is sent in the clear (unencrypted). Split-tunneling network lists distinguish networks that
require traffic to go through the tunnel from those that do not require tunneling. The security appliance
makes split-tunneling decisions based on a network list, which is an ACL consisting of a list of addresses
on the private network.
Fields
DNS Names—Specify one or more DNS names to which this policy applies.
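The CLI form of the System Options and split-tunneling settings described above, as an added example that is not part of the Cisco guide. The group-policy name (CORP_GP), the ACL name (SPLIT_TUNNEL_ACL), the address ranges, the session cap and the DNS domain are constructed placeholders.

```text
! Added example: ASA CLI equivalents of the ASDM options on this page.
! CORP_GP, SPLIT_TUNNEL_ACL, the addresses, the session cap and
! corp.example.com are constructed placeholders, not values from the guide.

! --- System Options ---
! Decrypted VPN traffic bypasses interface access rules. Removing this
! line (clearing the ASDM check box) subjects every decrypted packet to
! the inbound access rule, evaluated against the local (decrypted)
! address, not the client address seen before decryption.
sysopt connection permit-vpn

! Cap concurrent IPsec sessions below the license maximum so one
! misbehaving peer or credential-stuffing burst cannot exhaust them.
vpn-sessiondb max-session-limit 50

! L2TP keepalive interval in seconds (range 10 through 300, default 60).
l2tp tunnel hello 60

! Keep state for NEM tunneled flows across a tunnel drop (off by default).
! Remember the Note above: TCP flows are then only cleaned up by the TCP
! timeout or a RST from the peer, so leave those timeouts enabled.
sysopt connection preserve-vpn-flows

! --- Split tunneling ---
! The network list is a standard ACL of private-network addresses. Only
! destinations it permits are sent through the tunnel; everything else
! leaves the client in the clear, so keep the list as narrow as possible
! (or use "tunnelall", the conservative default, where policy allows).
access-list SPLIT_TUNNEL_ACL standard permit 10.10.0.0 255.255.0.0
access-list SPLIT_TUNNEL_ACL standard permit 192.168.100.0 255.255.255.0

group-policy CORP_GP internal
group-policy CORP_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
 ! "DNS Names" field: queries for these domains go through the tunnel.
 split-dns value corp.example.com
```

Check the result with "show running-config group-policy CORP_GP" and "show running-config sysopt"; the split-tunnel lines should appear under the group policy and the sysopt lines at global scope.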