Configuring integrity server support – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Supporting a Zone Labs Integrity Server

Note

The current release of the ASA supports one Integrity server at a time, even though the user interfaces
support the configuration of up to five Integrity servers. If the active Integrity server fails, configure
another one on the ASA and then reestablish the VPN client session.

Configuring Integrity Server Support

This section describes an example procedure for configuring the ASA to support the Zone Labs Integrity
servers. The procedure involves configuring address, port, connection fail timeout and fail states, and
SSL certificate parameters.

To configure the Integrity server, perform the following steps:

Step 1
Command: zonelabs-integrity server-address {hostname1 | ip-address1}
Example:
hostname(config)# zonelabs-integrity server-address 10.0.0.5
Purpose: Configures an Integrity server using the IP address 10.0.0.5.

Step 2
Command: zonelabs-integrity port port-number
Example:
hostname(config)# zonelabs-integrity port 300
Purpose: Specifies port 300 (the default port is 5054).

Step 3
Command: zonelabs-integrity interface interface
Example:
hostname(config)# zonelabs-integrity interface inside
Purpose: Specifies the inside interface for communications with the Integrity server.

Step 4
Command: zonelabs-integrity fail-timeout timeout
Example:
hostname(config)# zonelabs-integrity fail-timeout 12
Purpose: Ensures that the ASA waits 12 seconds for a response from either the active or standby Integrity servers before declaring the Integrity server as failed and closing the VPN client connections.

Note: If the connection between the ASA and the Integrity server fails, the VPN client connections remain open by default so that the enterprise VPN is not disrupted by the failure of an Integrity server. However, you may want to close the VPN connections if the Zone Labs Integrity server fails.

Step 5
Command: zonelabs-integrity fail-close
Example:
hostname(config)# zonelabs-integrity fail-close
Purpose: Configures the ASA so that connections to VPN clients close when the connection between the ASA and the Zone Labs Integrity server fails.
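The following Python check is an added example, not part of the Cisco guide. It audits saved configuration text for the zonelabs-integrity settings from steps 1 through 5 and flags the default fail-open posture described in the note under step 4. The function name, the sample configurations, and the handling of several addresses as a space-separated list are assumptions made for illustration.

```python
import re

DEFAULT_PORT = 5054  # default Integrity server port stated in the guide

# Constructed sample: the values from steps 1-4, with step 5 (fail-close) omitted.
SAMPLE_FAIL_OPEN = """\
zonelabs-integrity server-address 10.0.0.5
zonelabs-integrity port 300
zonelabs-integrity interface inside
zonelabs-integrity fail-timeout 12
"""
# Constructed sample: the same settings with step 5 applied.
SAMPLE_FAIL_CLOSE = SAMPLE_FAIL_OPEN + "zonelabs-integrity fail-close\n"

LINE_RE = re.compile(r"^zonelabs-integrity\s+(\S+)\s*(.*)$", re.IGNORECASE)

def audit_integrity_config(config_text):
    """Parse zonelabs-integrity lines; return (settings, findings)."""
    s = {"servers": [], "port": DEFAULT_PORT, "interface": None,
         "fail_timeout": None, "fail_close": False}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # unrelated line, or a negated "no ..." form
        key, arg = m.group(1).lower(), m.group(2).strip()
        if key == "server-address":
            s["servers"].extend(arg.split())  # assumption: space-separated list
        elif key == "port" and arg.isdigit():
            s["port"] = int(arg)
        elif key == "interface":
            s["interface"] = arg or None
        elif key == "fail-timeout" and arg.isdigit():
            s["fail_timeout"] = int(arg)
        elif key == "fail-close":
            s["fail_close"] = True
    findings = []
    if not s["servers"]:
        findings.append("no Integrity server address configured")
    elif len(s["servers"]) > 1:
        findings.append("several servers configured; only one is supported at a time")
    if s["interface"] is None:
        findings.append("no interface set for Integrity server communication")
    if not s["fail_close"]:
        findings.append("fail-close absent: VPN sessions stay open if the Integrity server fails")
    return s, findings

if __name__ == "__main__":
    for name, cfg in (("fail-open", SAMPLE_FAIL_OPEN), ("fail-close", SAMPLE_FAIL_CLOSE)):
        settings, findings = audit_integrity_config(cfg)
        print(name, settings, findings or "no findings")
```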
