Cisco ASA 5505 Configuration Manual page 1420

SSL VPN Client Settings
After entering the URL, the browser connects to that interface and displays the login screen. If the user
satisfies the login and authentication, and the adaptive security appliance identifies the user as requiring
the client, it downloads the client that matches the operating system of the remote computer. After
downloading, the client installs and configures itself, establishes a secure SSL connection and either
remains or uninstalls itself (depending on the adaptive security appliance configuration) when the
connection terminates.
In the case of a previously installed client, when the user authenticates, the adaptive security appliance
examines the revision of the client, and upgrades the client as necessary.
When the client negotiates an SSL VPN connection with the adaptive security appliance, it connects
using Transport Layer Security (TLS), and optionally, Datagram Transport Layer Security (DTLS).
DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the
performance of real-time applications that are sensitive to packet delays.
The AnyConnect client can be downloaded from the adaptive security appliance, or it can be installed
manually on the remote PC by the system administrator. For more information about installing the client
manually, see the Cisco AnyConnect VPN Client Administrator Guide.
The adaptive security appliance downloads the client based on the group policy or local user policy
attributes. You can configure the adaptive security appliance to automatically download the client, or you
can configure it to prompt the remote user about whether to download the client. In the latter case, if the
user does not respond, you can configure the adaptive security appliance to either download the client
after a timeout period or present the login page.
Fields
• SSL VPN Client Images table—Displays the package files specified as SSL VPN client images, and
allows you to establish the order that the adaptive security appliance downloads the images to the
remote PC.
SSL VPN Client Profiles table—Displays the XML files specified as SSL VPN client profiles. These
•
profiles display host information in the AnyConnect VPN Client user interface.
• Cache File System—The security appliance expands SSL VPN client and CSD images in cache
memory. Adjust the size of cache memory to ensure the images have enough space to expand.
Cisco ASA 5500 Series Configuration Guide using ASDM
64-110
Add—Displays the Add SSL VPN Client Image dialog box, where you can specify a file in flash
–
memory as a client image file, or where you can browse flash memory for a file to specify as a
client image. You can also upload a file from a local computer to the flash memory.
Replace—Displays the Replace SSL VPN Client Image dialog box, where you can specify a file
–
in flash memory as an client image to replace an image highlighted in the SSL VPN Client
Images table. You can also upload a file from a local computer to the flash memory.
– Delete—Deletes an image from the table. This does not delete the package file from flash.
– Move Up and Move Down—changes the order in which the adaptive security appliance
downloads the client images to the remote PC. It downloads the image at the top of the table
first. Therefore, you should move the image used by the most commonly-encountered operating
system to the top.
Add—Displays the Add SSL VPN Client Profiles dialog box, where you can specify a file in
–
flash memory as a profile, or where you can browse flash memory for a file to specify as a
profile. You can also upload a file from a local computer to the flash memory.
Edit—Displays the Edit SSL VPN Client Profiles dialog box, where you can specify a file in
–
flash memory as a profile to replace a profile highlighted in the SSL VPN Client Profiles table.
You can also upload a file from a local computer to the flash memory.
– Delete—Deletes a profile from the table. This does not delete the XML file from flash.
Chapter 64 General VPN Setup
OL-20339-01