Enabling Anyconnect Rekey - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Administration guide

Configuring, Enabling, and Using Other AnyConnect Features
Figure 5-10 shows an example of configuring the keepalive messages setting for an internal group policy.

Figure 5-10 Configuring Keepalive Messages

Configure the Keepalive Messages field for this attribute by deselecting Inherit and entering a number,
from 15 to 600 seconds, in the Interval field to enable and adjust the interval of keepalive messages to
ensure that a connection through a proxy, firewall, or NAT device remains open, even if the device
limits the time that the connection can be idle. Adjusting the interval also ensures that the client does not
disconnect and reconnect when the remote user is not actively running a socket-based application, such
as Microsoft Outlook or Microsoft Internet Explorer.

Enabling AnyConnect Rekey

Configuring AnyConnect Rekey specifies that SSL renegotiation takes place during rekey. When the
security appliance and the SSL VPN client perform a rekey, they renegotiate the crypto keys and
initialization vectors, increasing the security of the connection.

To enable Rekey, use the Key Regeneration dialog box in either Group Policy or Username. The paths
to this setting are:

Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit >
Add or Edit Internal Group Policy > Advanced > SSL VPN Client > Key Regeneration

Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account >
VPN Policy > SSL VPN Client

Cisco AnyConnect VPN Client Administrator Guide
5-12
Chapter 5
Configuring AnyConnect Features Using ASDM
OL-12950-012
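
Added example, not part of the Cisco guide: a Python check that reads a saved ASA configuration and reports group policies whose keepalive interval falls outside the 15 to 600 second range described above, or whose rekey is disabled or left inherited. The sample configuration is constructed, and the CLI keywords "svc" and "anyconnect ssl" are assumed to be the command-line form of the ASDM fields.

```python
import re

# Constructed sample; assumes CLI keywords "svc" (older ASA) / "anyconnect ssl" (newer).
SAMPLE_CONFIG = """\
group-policy SalesGP internal
group-policy SalesGP attributes
 webvpn
  svc keepalive 30
  svc rekey method ssl
group-policy LegacyGP attributes
 webvpn
  svc keepalive none
  svc rekey method none
group-policy PartnerGP attributes
 webvpn
  anyconnect ssl keepalive 20
"""

BLOCK = re.compile(r"^group-policy (\S+) attributes\s*$")
SETTING = re.compile(r"^\s+(?:svc|anyconnect ssl) (keepalive|rekey method) (\S+)")

def parse_policies(text):
    """Map each group policy to the keepalive / rekey method values set in its block."""
    policies, current = {}, None
    for line in text.splitlines():
        start = BLOCK.match(line)
        if start:
            current = policies.setdefault(start.group(1), {})
        elif line and not line[0].isspace():
            current = None  # any other top-level line closes the block
        elif current is not None and (m := SETTING.match(line)):
            current[m.group(1)] = m.group(2)
    return policies

def audit(text):
    """Return sorted (policy, finding) pairs; unset values are reported as inherited."""
    findings = []
    for name, s in sorted(parse_policies(text).items()):
        ka, rekey = s.get("keepalive"), s.get("rekey method")
        if ka is None:
            findings.append((name, "keepalive inherited"))
        elif not ka.isdigit() or not 15 <= int(ka) <= 600:
            findings.append((name, f"keepalive '{ka}' not in 15-600 s"))
        if rekey is None:
            findings.append((name, "rekey method inherited"))
        elif rekey == "none":
            findings.append((name, "rekey disabled"))
    return findings

print(audit(SAMPLE_CONFIG))
```

An "inherited" finding means the value comes from a parent or default policy, so that policy has to be checked before concluding the setting is off.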
