Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
ASA Group Policies Dialog Box
Field Reference
Table 33-9 ASA Group Policies SSL VPN Full Client Settings
Element
    Description

Enable Full Client
    Whether to enable full client mode.

Mode
    The mode in which to operate the SSL VPN:
    - Use Other Access Modes if AnyConnect Client Download Fails—If the
      full client fails to download to the remote user, allow the user to
      make clientless or thin client access to the VPN.
    - Full Client Only—Prohibit clientless or thin client access. The user
      must have the full client installed and functional to connect to the
      VPN.

Keep AnyConnect Client on Client System
    Whether to leave the AnyConnect client installed on the client system
    after the client disconnects. If you do not leave the client installed,
    it must be downloaded each time the user connects to the gateway.

Enable Keepalive Messages
    Whether to exchange keepalive messages between peers to demonstrate
    that they are available to send and receive data in the tunnel.
    Keepalive messages transmit at set intervals, and any disruption in
    that interval results in the creation of a new tunnel using a backup
    device.
    If you select this option, enter the time interval (in seconds) that
    the remote client waits between sending IKE keepalive packets in the
    Interval field.

SSL Compression
    Whether to enable data compression, and if so, the method of data
    compression to use: None, Deflate, or LZS. Data compression speeds up
    transmission rates for remote dial-in users connecting with modems.

    Caution: Data compression increases the memory requirement and CPU
    usage for each user session and consequently decreases the overall
    throughput of the security appliance. For this reason, it is
    recommended that you enable data compression only for remote users
    connecting with a modem. Design a group policy specific to modem users
    and enable compression only for them.

Client Dead Peer Detection Timeout (sec)
    The time interval, in seconds, that the Dead Peer Detection (DPD) timer
    is reset each time a packet is received over the SSL VPN tunnel from
    the remote user.
    DPD is used to send keepalive messages between peer devices only when
    no incoming traffic is received and outbound traffic needs to be sent.

Gateway Dead Peer Detection Timeout (sec)
    The time interval, in seconds, that the Dead Peer Detection (DPD) timer
    is reset each time a packet is received over the SSL VPN tunnel from
    the gateway.
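
Added example (not part of the Cisco manual): a small audit that reads group policies from a device configuration and lists those that enable SSL compression without being designated for modem users, following the Caution above. It assumes the fields in this table are deployed as ASA 9.x-style "anyconnect ..." group-policy commands; the sample configuration and policy names are constructed.

```python
import re
# Constructed sample in ASA running-config style; policy names are hypothetical.
SAMPLE_CONFIG = """\
group-policy MODEM-USERS attributes
 webvpn
  anyconnect keep-installer installed
  anyconnect ssl keepalive 20
  anyconnect ssl compression deflate
  anyconnect ssl dpd-interval client 30
  anyconnect ssl dpd-interval gateway 30
group-policy STAFF attributes
 webvpn
  anyconnect ssl compression lzs
"""

# Assumed CLI form of each Table 33-9 field -> key in the parsed result.
FIELDS = {
    r"anyconnect keep-installer (\S+)": "keep_installer",
    r"anyconnect ssl keepalive (\S+)": "keepalive",
    r"anyconnect ssl compression (\S+)": "compression",
    r"anyconnect ssl dpd-interval client (\S+)": "dpd_client",
    r"anyconnect ssl dpd-interval gateway (\S+)": "dpd_gateway",
}

def parse_group_policies(config):
    """Return {policy: {field: value}} for the full-client settings found."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes$", line)
        if header:
            current = policies.setdefault(header.group(1), {})
        elif not line.startswith(" "):
            current = None  # left the indented group-policy block
        elif current is not None:
            for pattern, key in FIELDS.items():
                m = re.fullmatch(pattern, line.strip())
                if m:
                    current[key] = m.group(1)
    return policies

def compression_outside_modem_policies(config, modem_policies):
    """Policies that enable Deflate/LZS but are not designated for modem users."""
    return sorted(
        name for name, s in parse_group_policies(config).items()
        if s.get("compression", "none") != "none" and name not in modem_policies
    )

if __name__ == "__main__":
    print(compression_outside_modem_policies(SAMPLE_CONFIG, {"MODEM-USERS"}))
```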