Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
CHAPTER 6
Configuring AnyConnect Features Using CLI
The AnyConnect client includes the following features, which you configure on the security appliance:
• Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections
• Prompting Remote Users
• Enabling IPv6 VPN Access
• Enabling Modules for Additional AnyConnect Features
• Configuring Certificate-only Authentication
• Using Compression
• Configuring the Dynamic Access Policies Feature of the Security Appliance
• Cisco Secure Desktop Support
• Enabling AnyConnect Rekey
• Enabling and Adjusting Dead Peer Detection
• Enabling AnyConnect Keepalives
Enabling Datagram Transport Layer Security (DTLS) with AnyConnect (SSL) Connections
Datagram Transport Layer Security avoids latency and bandwidth problems associated with some
SSL-only connections, including AnyConnect connections, and improves the performance of real-time
applications that are sensitive to packet delays. DTLS is a standards-based SSL protocol that provides a
low-latency data path using UDP. For detailed information about DTLS, see RFC 4347
(http://www.ietf.org/rfc/rfc4347.txt).
Datagram Transport Layer Security (DTLS) allows the AnyConnect client establishing an SSL VPN
connection to use two simultaneous tunnels: an SSL tunnel and a DTLS tunnel. Using DTLS avoids
latency and bandwidth problems associated with some SSL connections and improves the performance
of real-time applications that are sensitive to packet delays.
If you do not enable DTLS, SSL VPN connections connect with an SSL VPN tunnel only.