Cisco ASA Series Cli Configuration Manual page 1695

Chapter 1 Configuring Connection Profiles, Group Policies, and Users
The following example shows how to enable browser proxy local-bypass for the group policy named
FirstGroup:
hostname(config)# group-policy FirstGroup attributes
hostname(config-group-policy)# msie-proxy local-bypass enable
hostname(config-group-policy)#
Configuring Group Policy Attributes for AnyConnect Secure Mobility
Client Connections
After enabling AnyConnect client connections as described in
VPN Client
these steps in group-policy webvpn configuration mode:
Step 1
Enter group policy webvpn configuration mode. For example:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
Step 2
To disable the permanent installation of the AnyConnect client on the endpoint computer, use the
anyconnect keep-installer command with the none keyword. For example:
hostname(config-group-webvpn)# anyconnect keep-installer none
hostname(config-group-webvpn)#
The default is that permanent installation of the client is enabled. The client remains installed on the
endpoint at the end of the AnyConnect session.
Step 3
To enable compression of HTTP data over an AnyConnect SSL connection for the group policy, enter
the anyconnect ssl compression command. By default, compression is set to none (disabled). To enable
compression, use the deflate keyword. For example:
hostname(config-group-webvpn)# anyconnect compression deflate
hostname(config-group-webvpn)#
Step 4
To enable dead peer detection (DPD) on the ASA and to set the frequency with which either the
AnyConnect client or the ASA performs DPD, use the anyconnect dpd-interval command:
By default, both the ASA and the AnyConnect client perform DPD every 30 seconds.
The gateway refers to the ASA. You can specify the frequency with which the ASA performs the DPD
test as a range of from 30 to 3600 seconds (1 hour). Specifying none disables the DPD testing that the
ASA performs. A value of 300 is recommended.
The client refers to the AnyConnect client. You can specify the frequency with which the client performs
the DPD test as a range of from 30 to 3600 seconds (1 hour). Specifying none disables the DPD testing
that the client performs. A value of 30 is recommended.
The following example configures the DPD frequency performed by the ASA (gateway) to 300 seconds,
and the DPD frequency performed by the client to 30 seconds:
hostname(config-group-webvpn)# anyconnect dpd-interval gateway 300
hostname(config-group-webvpn)# anyconnect dpd-interval client 30
hostname(config-group-webvpn)#
Connections", you can enable or require AnyConnect features for a group policy. Follow
anyconnect dpd-interval {[gateway {
Chapter 78, "Configuring AnyConnect
| none}] | [client {
seconds
Cisco ASA Series CLI Configuration Guide
Group Policies
| none}]}
seconds
1-61