Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
Chapter 6 Configuring AnyConnect Features Using CLI
Enabling DTLS Globally for a Specific Port
To enable DTLS globally for a particular port, use the dtls port command:
[no] dtls port port_number
For example:
hostname(config-webvpn)# dtls outside
Enabling DTLS for Specific Groups or Users
To enable DTLS for specific groups or users, use the svc dtls enable command in group policy webvpn or username webvpn configuration mode:
[no] svc dtls enable
If DTLS is configured and UDP is interrupted, the remote user’s connection automatically falls back from DTLS to TLS. The default is enabled; however, DTLS is not enabled by default on any individual interface.
Enabling DTLS allows the AnyConnect client establishing an AnyConnect VPN connection to use two simultaneous tunnels—an SSL tunnel and a DTLS tunnel. Using DTLS avoids latency and bandwidth problems associated with some SSL connections and improves the performance of real-time applications that are sensitive to packet delays.
If you do not enable DTLS, AnyConnect client users establishing SSL VPN connections connect only with an SSL VPN tunnel.
The following example enters group policy webvpn configuration mode for the group policy sales and enables DTLS:
hostname(config)# enable inside
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# svc dtls enable
Prompting Remote Users
You can enable the security appliance to prompt remote AnyConnect VPN client users to download the client with the svc ask command from group policy webvpn or username webvpn configuration modes:
[no] svc ask {none | enable [default {webvpn | svc} timeout value]}
svc ask enable prompts the remote user to download the client or go to the WebVPN portal page and waits indefinitely for user response.
svc ask enable default svc immediately downloads the client.
svc ask enable default webvpn immediately goes to the portal page.
svc ask enable default svc timeout value prompts the remote user to download the client or go to the WebVPN portal page and waits the duration of value before taking the default action—downloading the client.
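The following script is an added example, not part of the Cisco guide: it audits a saved configuration and reports, per group policy, whether DTLS is left enabled and what the svc ask setting will do, using the behaviours described above. The sample configuration, its indentation layout, and the function names are assumptions made for illustration; the script also applies the timeout form to default webvpn, which the command syntax allows.

```python
import re

# Constructed sample config; the nesting and indentation are assumptions.
SAMPLE_CONFIG = """\
group-policy sales attributes
 webvpn
  svc dtls enable
  svc ask enable default svc timeout 10
group-policy contractors attributes
 webvpn
  no svc dtls enable
  svc ask enable
group-policy kiosk attributes
 webvpn
  svc ask enable default webvpn
"""

ASK_RE = re.compile(
    r"svc ask (none|enable)(?: default (webvpn|svc))?(?: timeout (\S+))?$")

def describe_ask(line):
    """Map one svc ask command to the behaviour the guide describes."""
    m = ASK_RE.match(line)
    if not m:
        return "unrecognized"
    mode, default, timeout = m.groups()
    if mode == "none":
        return "no prompt"
    if default is None:
        return "prompt, wait indefinitely"
    action = "download client" if default == "svc" else "portal page"
    if timeout is None:
        return "immediate: " + action
    return "prompt, then " + action + " after timeout " + timeout

def audit(config):
    """Return {policy: {"dtls": bool, "ask": str or None}}."""
    policies, current, in_webvpn = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:  # top-level command: start or leave a group policy
            m = re.match(r"group-policy (\S+) attributes$", line)
            # Group-level DTLS defaults to enabled, per the guide.
            current = (policies.setdefault(m.group(1), {"dtls": True, "ask": None})
                       if m else None)
            in_webvpn = False
        elif current is None:
            continue
        elif indent == 1:  # group policy attribute; only webvpn is tracked
            in_webvpn = (line == "webvpn")
        elif in_webvpn and line in ("svc dtls enable", "no svc dtls enable"):
            current["dtls"] = not line.startswith("no ")
        elif in_webvpn and line.startswith("svc ask"):
            current["ask"] = describe_ask(line)
    return policies
```

A policy reported with dtls False connects with the SSL tunnel only; an ask value of None means no svc ask line was found for that policy.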