Cisco FirePOWER ASA 5500 series Configuration Manual page 640

Security appliance command line

Configuring User Attributes
Step 4
You can adjust the frequency of keepalive messages (specified by seconds), to ensure that an SVC
connection through a proxy, firewall, or NAT device remains open, even if the device limits the time
that the connection can be idle.
Adjusting the frequency also ensures that the SVC does not disconnect and reconnect when the remote
user is not actively running a socket-based application, such as Microsoft Outlook or Microsoft Internet
Explorer.
To configure the frequency (15 through 600 seconds) at which an SVC on a remote computer sends
keepalive messages to the security appliance, use the svc keepalive command. Use the no form of the
command to remove the command from the configuration and cause the value to be inherited:
hostname(config-username-webvpn)# svc keepalive {none | seconds}
hostname(config-username-webvpn)# no svc keepalive {none | seconds}
hostname(config-username-webvpn)#
SVC keepalives are disabled by default. Using the keyword none disables SVC keepalive messages.
In the following example, the user configures the security appliance to enable the SVC to send keepalive
messages, with a frequency of 300 seconds (5 minutes):
hostname(config-username-webvpn)# svc keepalive 300
hostname(config-username-webvpn)#
Step 5
To enable the permanent installation of an SVC onto a remote computer, use the svc keep-installer
command with the installed keyword. To remove the command from the configuration, use the no form
of this command:
hostname(config-username-webvpn)# svc keep-installer {installed | none}
hostname(config-username-webvpn)# no svc keep-installer {installed | none}
hostname(config-username-webvpn)#
The default is that permanent installation of the SVC is disabled. The SVC uninstalls from the remote
computer at the end of the SVC session.
The following example configures the security appliance to keep the SVC installed on the remote
computer for this user:
hostname(config-username-webvpn)# svc keep-installer installed
hostname(config-username-webvpn)#
Step 6
To enable the SVC to perform a rekey on an SVC session, use the svc rekey command:
hostname(config-username-webvpn)# svc rekey {method {ssl | new-tunnel} | time minutes | none}
To disable rekey and remove the command from the configuration, use the no form of this command:
hostname(config-username-webvpn)# no svc rekey [method {ssl | new-tunnel} | time minutes | none]
hostname(config-username-webvpn)#
By default, SVC rekey is disabled.
Specifying the method as new-tunnel specifies that the SVC establishes a new tunnel during SVC rekey.
Specifying the method as none disables SVC rekey. Specifying the method as ssl specifies that SSL
renegotiation takes place during SVC rekey. Instead of specifying the method, you can specify the time;
that is, the number of minutes from the start of the session until the rekey takes place, from 1 through
10080 (1 week).
For the no form of the command, only the minimum is necessary. The following example is correct:
hostname(config-username-webvpn)# no svc rekey method
hostname(config-username-webvpn)#
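An added example, not from the Cisco guide: a Python check that reads per-user webvpn blocks and flags svc values outside the ranges given in Steps 4 through 6, plus users left with no valid user-level rekey setting. The "username ... attributes" / "webvpn" nesting of the sample, the usernames, and the function name audit_svc are assumptions made for illustration.

```python
import re

# Constructed sample config; usernames and values are made up for illustration.
SAMPLE = """\
username alice attributes
 webvpn
  svc keepalive 300
  svc keep-installer installed
  svc rekey method ssl
  svc rekey time 30
username bob attributes
 webvpn
  svc keepalive 5
  svc rekey time 20000
username carol attributes
 webvpn
  svc keepalive none
"""

def audit_svc(config_text):
    """Map each username to findings about its svc keepalive/keep-installer/rekey lines."""
    report, rekey_set, user = {}, set(), None
    for line in (l.strip() for l in config_text.splitlines()):
        m = re.fullmatch(r"username (\S+) attributes", line)
        if m:  # start of a new user block (assumed layout)
            user = m.group(1)
            report[user] = []
            continue
        if user is None:
            continue
        if m := re.fullmatch(r"svc keepalive (\S+)", line):
            val = m.group(1)
            if val == "none":
                report[user].append("keepalive disabled")
            elif not (val.isdigit() and 15 <= int(val) <= 600):
                report[user].append(f"keepalive {val} outside 15-600 seconds")
        elif line == "svc keep-installer installed":
            report[user].append("SVC stays installed after the session")
        elif m := re.fullmatch(r"svc rekey time (\S+)", line):
            val = m.group(1)
            if val.isdigit() and 1 <= int(val) <= 10080:
                rekey_set.add(user)
            else:
                report[user].append(f"rekey time {val} outside 1-10080 minutes")
        elif re.fullmatch(r"svc rekey method (ssl|new-tunnel)", line):
            rekey_set.add(user)
    for name in report:  # users with no usable rekey line at this level
        if name not in rekey_set:
            report[name].append("no valid user-level rekey setting (inherited or default-disabled)")
    return report
```
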
Cisco Security Appliance Command Line Configuration Guide
30-86
Chapter 30
Configuring Tunnel Groups, Group Policies, and Users
OL-10088-01

This manual is also suitable for:

Pix 500 series, Cisco asa 5500 series