Enabling Keepalive - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Enabling Keepalive
gateway none disables DPD performed by the security appliance.
client seconds enable DPD performed by the SVC (client), and specifies the frequency, from 30 to 3600
seconds, with which the SVC performs DPD.
client none disables DPD performed by the SVC.
To remove the svc dpd-interval command from the configuration, use the no form of the command:
The following example sets the frequency of DPD performed by the security appliance to 3000 seconds,
and the frequency of DPD performed by the SVC set to 1000 seconds for the existing group-policy sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-policy)# svc dpd-interval gateway 3000
hostname(config-group-policy)# svc dpd-interval client 1000
Enabling Keepalive
You can adjust the frequency of keepalive messages to ensure that an SVC connection through a proxy,
firewall, or NAT device remains open, even if the device limits the time that the connection can be idle.
Adjusting the frequency also ensures that the SVC does not disconnect and reconnect when the remote
user is not actively running a socket-based application, such as Microsoft Outlook or Microsoft Internet
Explorer.
To set the frequency of keepalive messages, use the svc keepalive command from group-policy or
username webvpn modes:
Where:
none disables SVC keepalive messages.
seconds enables the SVC to send keepalive messages, and specifies the frequency of the messages in the
range of 15 to 600 seconds.
The default is keepalive messages are disabled.
Use the no form of the command to remove the command from the configuration and cause the value to
be inherited:
In the following example, the security appliance is configured to enable the SVC to send keepalive
messages with a frequency of 300 seconds (5 minutes), for the existing group-policy sales:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc keepalive 300
Using SVC Compression
SVC compression increases the communications performance between the security appliance and the
SVC by reducing the size of the packets being transferred. By default, compression for all SVC
connections is enabled on the security appliance, both at the global level and for specific groups or users.
SVC compression can be set globally using the compression svc command from global configuration
mode. It can also be set for specific groups or users with the svc compression command in group-policy
and username webvpn modes. The global setting overrides the group-policy and username settings.
Cisco Security Appliance Command Line Configuration Guide
38-6
svc keepalive {none | seconds}
no svc keepalive {none | seconds}
Chapter 38
Configuring SSL VPN Client
OL-10088-01
Advertisement
Table of Contents
Troubleshooting
