Cisco PIX 500 Series Configuration Manual page 687
Security appliance command line
Hide thumbs
Also See for PIX 500 Series:
- Administration manual (653 pages) ,
- Quick start manual (72 pages) ,
- User manual (60 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Connection Profiles, Group Policies, and Users
After enabling SVC, as described in
you can enable or require SVC features for a specific group. This feature is disabled by default. If you
enable or require SVC, you can then enable a succession of svc commands, described in this section. To
enable SVC and its related svc commands, do the following steps in group-policy webvpn configuration
mode:
To enable the security appliance to download SVC files to remote computers, enter the svc enable
Step 1
command. By default, this command is disabled. The security appliance does not download SVC files.
To remove the svc enable command from the configuration, use the no form of this command.
hostname(config-group-webvpn)# svc
hostname(config-group-webvpn)#
Note
Entering the no svc enable command does not terminate active SVC sessions.
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc enable
hostname(config-group-webvpn)#
To enable compression of HTTP data over an SVC connection, for a specific group, enter the svc
Step 2
compression command. By default, SVC compression is set to deflate (enabled). To disable compression
for a specific group, use the none keyword. To remove the svc compression command and cause the
value to be inherited, use the no form of the command:
hostname(config-group-webvpn)# svc compression {deflate | none}
hostname(config-group-webvpn)#
The following example disables SVC compression for the group policy named sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc compression none
hostname(config-group-webvpn)#
To enable dead-peer-detection (DPD) on the security appliance and to set the frequency with which
Step 3
either the SVC or the security appliance performs DPD, use the svc dpd-interval command. To remove
the svc dpd-interval command from the configuration, use the no form of the command. To disable SVC
DPD for this group, use the none keyword:
hostname(config-group-webvpn)# svc dpd-interval {[gateway { seconds | none}] | [client
{ seconds | none}]}
hostname(config-group-webvpn)#
DPD checking is disabled by default.
The gateway refers to the security appliance. You can specify the frequency with which the security
appliance performs the DPD test as a range of from 30 to 3600 seconds (1 hour). Specifying none
disables the DPD testing that the security appliance performs.
The client refers to the SVC. You can specify the frequency with which the client performs the DPD test
as a range of from 30 to 3600 seconds (1 hour). Specifying none disables the DPD testing that the client
performs.
In the following example, the user configures the DPD frequency performed by the security appliance
(gateway) to 3000 seconds, and the DPD frequency performed by the client to 1000 seconds for the
existing group policy named sales:
hostname(config)# group-policy sales attributes
OL-12172-03
Chapter 38, "Configuring AnyConnect VPN Client
{none | enable | required}
Cisco Security Appliance Command Line Configuration Guide
Group Policies
Connections",
30-71
Advertisement
Table of Contents
Troubleshooting
