Cisco PIX 500 Series Configuration Manual page 685

Security appliance command line

Hide thumbs Also See for PIX 500 Series:

Administration manual (653 pages)

Quick start manual (72 pages)

User manual (60 pages)

Table of Contents

Configuring Connection Profiles, Group Policies, and Users

The following example shows how to set the name, Remote Access TCP Applications, for the internal

group policy named FirstGroup:

hostname(config)# group-policy FirstGroup internal attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# port-forward-name value Remote Access TCP Applications

hostname(config-group-webvpn)#

Configuring the Maximum Object Size to Ignore for Updating the Session Timer

Network devices exchange short keepalive messages to ensure that the virtual circuit between them is

still active. The length of these messages can vary. The keep-alive-ignore command lets you tell the

security appliance to consider all messages that are less than or equal to the specified size as keepalive

messages and not as traffic when updating the session timer. The range is 0 through 900 KB. The default

To specify the upper limit of the HTTP/HTTPS traffic, per transaction, to ignore, use the

keep-alive-ignore command in group-policy attributes webvpn configuration mode:

hostname(config-group-webvpn)# keep-alive-ignore size

hostname(config-group-webvpn)#

The no form of the command removes this specification from the configuration:

hostname(config-group-webvpn)# no keep-alive-ignore

hostname(config-group-webvpn)#

The following example sets the maximum size of objects to ignore as 5 KB:

hostname(config-group-webvpn)# keep-alive-ignore 5

hostname(config-group-webvpn)#

Specifying HTTP Compression

Enable compression of http data over a clientless SSL VPN session for a specific group or user by

entering the http-comp command in the group policy webvpn mode.

hostname(config-group-webvpn)# http-comp {gzip | none}

hostname(config-group-webvpn)#

To remove the command from the configuration and cause the value to be inherited, use the no form of

the command:

hostname(config-group-webvpn)# no http-comp {gzip | none}

hostname(config-group-webvpn)#

The syntax of this command is as follows:

For clientless SSL VPN sessions, the compression command configured from global configuration

mode overrides the http-comp command configured in group policy and username webvpn modes.

In the following example, compression is disabled for the group-policy sales:

hostname(config)# group-policy sales attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# http-comp none

hostname(config-group-webvpn)#

gzip—Specifies compression is enabled for the group or user. This is the default value.

none—Specifies compression is disabled for the group or user.

Cisco Security Appliance Command Line Configuration Guide

Group Policies

Troubleshooting

Asa 5500 series

Cisco PIX 500 Series Configuration Manual page 685

Troubleshooting

Related Manuals for Cisco PIX 500 Series

Related Products for Cisco PIX 500 Series

This manual is also suitable for:

Table of Contents