Cisco ASA 5505 User Manual

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 67 Configuring Connection Profiles, Group Policies, and Users

Supporting a Zone Labs Integrity Server

hostname(config-group-webvpn)# http-comp {gzip | none}

hostname(config-group-webvpn)#

To remove the command from the configuration and cause the value to be inherited, use the no form of
the command:

hostname(config-group-webvpn)# no http-comp {gzip | none}

hostname(config-group-webvpn)#

The syntax of this command is as follows:

gzip—Specifies compression is enabled for the group or user. This is the default value.

none—Specifies compression is disabled for the group or user.

For clientless SSL VPN sessions, the compression command configured from global configuration
mode overrides the http-comp command configured in group policy and username webvpn modes.

In the following example, compression is disabled for the group-policy sales:

hostname(config)# group-policy sales attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# http-comp none

hostname(config-group-webvpn)#

Specifying the SSO Server

Single sign-on support, available only for clientless SSL VPN sessions, lets users access different secure
services on different servers without entering a username and password more than once. The
sso-server value command, when entered in group-policy-webvpn mode, lets you assign an SSO server
to a group policy.

To assign an SSO server to a group policy, use the sso-server value command in group-policy-webvpn
configuration mode. This command requires that your configuration include the CA SiteMinder command.

hostname(config-group-webvpn)# sso-server value server_name

hostname(config-group-webvpn)#

To remove the assignment and use the default policy, use the no form of this command. To prevent
inheriting the default policy, use the sso-server none command.

hostname(config-group-webvpn)# sso-server {value server_name | none}

hostname(config-group-webvpn)# [no] sso-server value server_name

The default policy assigned to the SSO server is DfltGrpPolicy.

The following example creates the group policy “my-sso-grp-pol” and assigns it to the SSO server
named “example”:

hostname(config)# group-policy my-sso-grp-pol internal

hostname(config)# group-policy my-sso-grp-pol attributes

hostname(config-group-policy)# webvpn

hostname(config-group-webvpn)# sso-server value example

hostname(config-group-webvpn)#
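
The following Python script is an added example, not part of the Cisco guide. It audits a saved configuration for the effective http-comp and sso-server value of each group policy, applying the inheritance described in the two sections above. The sample configuration is constructed, and its indentation layout, the names "corp-sso" and "kiosk", and the "none" result when no SSO server is set anywhere are assumptions.

```python
import re

# Constructed sample in running-config layout. Assumed: one-space indent under
# "attributes", two-space indent under "webvpn"; "corp-sso" and "kiosk" are made up.
SAMPLE = """\
no compression
group-policy DfltGrpPolicy attributes
 webvpn
  sso-server value corp-sso
group-policy sales internal
group-policy sales attributes
 webvpn
  http-comp none
group-policy my-sso-grp-pol internal
group-policy my-sso-grp-pol attributes
 webvpn
  sso-server value example
group-policy kiosk internal
group-policy kiosk attributes
 webvpn
  sso-server none
"""
# gzip is the default per the guide; "none" for sso-server is an assumption.
BUILTIN = {"http-comp": "gzip", "sso-server": "none"}

def parse_webvpn(config):
    """Return {policy: {setting: value}} holding only explicitly configured values."""
    policies, current, in_webvpn = {}, None, False
    for line in config.splitlines():
        words = line.split()
        indent = len(line) - len(line.lstrip(" "))
        m = re.match(r"group-policy (\S+) (?:internal|attributes)\b", line)
        if m:
            current, in_webvpn = policies.setdefault(m.group(1), {}), False
        elif indent == 0 or current is None or not words:
            current = None                      # left the group-policy block
        elif indent == 1:
            in_webvpn = words == ["webvpn"]     # entering or leaving webvpn submode
        elif in_webvpn and words[0] == "http-comp" and len(words) == 2:
            current["http-comp"] = words[1]
        elif in_webvpn and words[0] == "sso-server" and len(words) >= 2 and words[-1] != "value":
            current["sso-server"] = words[-1]   # server name, or "none"
    return policies

def effective(policies, name):
    """Explicit value, else inherited from DfltGrpPolicy, else built-in default."""
    inherited = policies.get("DfltGrpPolicy", {})
    return {k: policies[name].get(k, inherited.get(k, d)) for k, d in BUILTIN.items()}

def global_compression(config):
    """Return the global-mode compression line, which overrides http-comp, if present."""
    m = re.search(r"^(?:no )?compression\b.*$", config, re.MULTILINE)
    return m.group(0) if m else None
```

When global_compression returns a line, treat the per-policy http-comp values as overridden for clientless SSL VPN sessions, as the guide states.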

Configuring Group-Policy Attributes for AnyConnect Secure Mobility Client Connections

After enabling AnyConnect client connections as described in Chapter 75, “Configuring AnyConnect
VPN Client Connections”, you can enable or require AnyConnect features for a group policy. Follow
these steps in group-policy webvpn configuration mode:
