Cisco FirePOWER ASA 5500 series Configuration Manual page 637
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
The auto-signon command is a single sign-on method for WebVPN users. It passes the WebVPN login
credentials (username and password) to internal servers for authentication using NTLM authentication,
basic authentication, or both. Multiple auto-signon commands can be entered and are processed
according to the input order (early commands take precedence).
You can use the auto-signon feature in three modes: webvpn configuration, webvpn group configuration,
or webvpn username configuration mode. The typical precedence behavior applies where username
supersedes group, and group supersedes global. The mode you choose will depend upon the desired
scope of authentication.
To disable auto-signon for a particular user to a particular server, use the no form of the command with
the original specification of IP block or URI. To disable authentication to all servers, use the no form
without arguments. The no option allows inheritance of a value from the group policy.
The following example commands configure auto-signon for a WebVPN user named anyuser,
using either basic or NTLM authentication, to servers defined by the URI mask
https://*.example.com/*:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# auto-signon allow uri https://*.example.com/* auth-type
all
The following example commands configure auto-signon for the WebVPN user named anyuser,
using either basic or NTLM authentication, to the server with the IP address 10.1.1.0,
using subnet mask 255.255.255.0:
hostname(config)# username anyuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# auto-signon allow ip 10.1.1.0 255.255.255.0 auth-type
all
hostname(config-username-webvpn)#
Specifying HTTP Compression
Enable compression of http data over a WebVPN connection for a specific user by entering the
http-comp command in the username webvpn configuration mode.
hostname(config-username-webvpn)# http-comp {gzip | none}
hostname(config-username-webvpn)#
To remove the command from the configuration and cause the value to be inherited, use the no form of
the command:
hostname(config-username-webvpn)# no http-comp {gzip | none}
hostname(config-username-webvpn)#
The syntax of this command is as follows:
•
•
For WebVPN connections, the compression command configured from global configuration mode
overrides the http-comp command configured in group policy and username webvpn modes.
In the following example, compression is disabled for the username testuser:
hostname(config)# username testuser internal
hostname(config)# username testuser attributes
hostname(config-username)# webvpn
hostname(config-username-webvpn)# http-comp none
hostname(config-username-webvpn)#
OL-10088-01
gzip—Specifies compression is enabled for the group or user. This is the default value.
none—Specifies compression is disabled for the group or user.
Cisco Security Appliance Command Line Configuration Guide
Configuring User Attributes
30-83
Advertisement
Table of Contents
Troubleshooting
