Configuring, Enabling, And Using Other Anyconnect Features; Configuring Certificate-Only Authentication; Using Compression - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual


Chapter 6
Configuring AnyConnect Features Using CLI

Configuring, Enabling, and Using Other AnyConnect Features

The following sections describe how to configure other AnyConnect features. Some features, such as
Secure Desktop and dynamic access policies, do not require that you specifically configure the
AnyConnect client to interact with that feature. Rather, all configuration for those features occurs on the
security appliance or within the software package itself.

Configuring Certificate-only Authentication

You can specify whether you want users to authenticate using AAA with a username and password or
using a digital certificate (or both). When you configure certificate-only authentication, users can
connect with a digital certificate and are not required to provide a user ID and password. To configure
certificate-only authentication using the CLI, use the authentication command with the keyword certificate
in tunnel-group webvpn mode. For example:
hostname(config)# tunnel-group testgroup webvpn-attributes
asa2(config-tunnel-webvpn)# authentication ?
asa2(config-tunnel-webvpn)# authentication certificate
Note: You must configure ssl certificate-authentication interface <interface> port <port> for this option to
take effect.
To configure certificate-only authentication using ASDM, select Configuration > Remote Access >
Network (Client) Access > SSL VPN Connection Profiles, and in the Connection Profiles area, select
Add or Edit. This displays the Add or Edit SSL VPN Connect Profile dialog box with the Basic option
selected. In the Authentication area, specify only Certificate as the Method.
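
The Note above is easy to miss in review: a connection profile can show authentication certificate while the ssl certificate-authentication line is absent. The following check is an added example, not part of the Cisco guide; the function name audit, the constructed sample configuration (interface outside, port 443, group staff) and the assumption that sub-mode commands are indented in a saved running-config are all illustrative.

```python
import re

# Constructed sample running-config excerpt (not from the guide); the interface
# name "outside", port 443 and the group "staff" are assumptions.
SAMPLE_CONFIG = """\
ssl certificate-authentication interface outside port 443
tunnel-group testgroup type remote-access
tunnel-group testgroup webvpn-attributes
 authentication certificate
tunnel-group staff webvpn-attributes
 authentication aaa
"""

GROUP_RE = re.compile(r"^tunnel-group (\S+) webvpn-attributes\s*$")
AUTH_RE = re.compile(r"^\s+authentication\s+(.+?)\s*$")
SSL_RE = re.compile(r"^ssl certificate-authentication interface (\S+) port (\d+)\s*$")


def audit(config_text):
    """Return (cert_only_groups, cert_auth_listeners, findings)."""
    listeners, methods, current = [], {}, None
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # top-level command ends any sub-mode
            current = None
            m = GROUP_RE.match(line)
            if m:
                current = m.group(1)
                methods.setdefault(current, set())
            m = SSL_RE.match(line)
            if m:
                listeners.append((m.group(1), int(m.group(2))))
        elif current:                      # indented line inside webvpn-attributes
            m = AUTH_RE.match(line)
            if m:
                methods[current] = set(m.group(1).split())
    cert_only = sorted(g for g, meth in methods.items() if meth == {"certificate"})
    findings = []
    if cert_only and not listeners:
        findings.append(
            "certificate-only groups %s have no 'ssl certificate-authentication "
            "interface <interface> port <port>' line, so the setting does not take effect"
            % ", ".join(cert_only))
    return cert_only, listeners, findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
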

Using Compression

On low-bandwidth connections, compression increases the communications performance between the
security appliance and the client by reducing the size of the packets being transferred. By default,
compression for all SSL VPN connections is enabled on the security appliance, both at the global level
and for specific groups or users. For broadband connections, compression might result in poorer
performance.
You can configure compression globally using the compression svc command from global configuration
mode. You can also configure compression for specific groups or users with the svc compression
command in group-policy and username webvpn modes. The global setting overrides the group-policy
and username settings.
Changing Compression Globally
To change the global compression settings, use the compression svc command from global
configuration mode:
compression svc
no compression svc
To remove the command from the configuration, use the no form of the command.
In the following example, compression is disabled for all SSL VPN connections globally:
hostname(config)# no compression svc
OL-12950-012
Cisco AnyConnect VPN Client Administrator Guide
