Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
63-25
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 63 Configuring IKE, Load Balancing, and NAC
Setting Global NAC Parameters
To enable Clientless SSL VPN load balancing using FQDNs rather than IP addresses, perform the
following configuration steps:
Step 1 Enable the use of FQDNs for Load Balancing by checking the Send FQDN to client... checkbox.
Step 2 Add an entry for each of your adaptive security appliance outside interfaces into your DNS server, if
such entries are not already present. Each adaptive security appliance outside IP address should have a
DNS entry associated with it for lookups. These DNS entries must also be enabled for Reverse Lookup.
Step 3 Enable DNS lookups on your adaptive security appliance on the dialog box Configuration > Device
Management > DNS > DNS Client for whichever interface has a route to your DNS server.
Step 4 Define your DNS server IP address on the adaptive security appliance. To do this, click Add on this
dialog box. This opens the Add DNS Server Group dialog box. Enter the IP address of the DNS server
you want to add; for example,
192.168.1.1 (IP address of your DNS server).
Step 5 Click OK and Apply.
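
One way to check the DNS prerequisite from Step 2 (a forward entry and a working reverse lookup for every outside interface) before turning on FQDN redirection. This is an added example, not part of the Cisco guide; the member names and 192.0.2.x addresses are constructed sample data, and the default resolvers use the operating system's DNS settings.

```python
import socket

def system_forward(name):
    """Forward lookup via the OS resolver; returns a set of address strings."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def system_reverse(ip):
    """Reverse (PTR) lookup via the OS resolver; returns the name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_member(ip, fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of DNS problems for one outside interface (empty = OK)."""
    problems = []
    ptr = reverse(ip)
    if ptr is None:
        problems.append("no PTR record (reverse lookup fails)")
    elif ptr.rstrip(".").lower() != fqdn.lower():
        problems.append(f"PTR returns {ptr}, expected {fqdn}")
    addrs = forward(fqdn)
    if not addrs:
        problems.append("FQDN has no forward entry")
    elif ip not in addrs:
        problems.append(f"A record resolves to {sorted(addrs)}, not {ip}")
    return problems

def audit(members, forward=system_forward, reverse=system_reverse):
    """members maps outside IP -> expected FQDN; returns IP -> problem list."""
    return {ip: check_member(ip, fqdn, forward, reverse) for ip, fqdn in members.items()}

# Constructed sample zone: asa2 lacks a PTR record, asa3 has a stale A record.
MEMBERS = {"192.0.2.11": "asa1.vpn.example.com", "192.0.2.12": "asa2.vpn.example.com",
           "192.0.2.13": "asa3.vpn.example.com"}
SAMPLE_A = {"asa1.vpn.example.com": {"192.0.2.11"}, "asa2.vpn.example.com": {"192.0.2.12"},
            "asa3.vpn.example.com": {"192.0.2.99"}}
SAMPLE_PTR = {"192.0.2.11": "asa1.vpn.example.com.", "192.0.2.13": "asa3.vpn.example.com"}

def sample_audit():
    """Run the audit offline against the constructed zone above."""
    return audit(MEMBERS, forward=lambda n: SAMPLE_A.get(n, set()), reverse=SAMPLE_PTR.get)

if __name__ == "__main__":
    for ip, problems in sample_audit().items():
        print(ip, "OK" if not problems else "; ".join(problems))
```

Calling audit() with only a members dictionary runs the same checks against the live DNS server.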
Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed     Transparent     Single     Multiple
                                      Context     System
•          —               •          —           —

Setting Global NAC Parameters
The adaptive security appliance uses Extensible Authentication Protocol (EAP) over UDP (EAPoUDP)
messaging to validate the posture of remote hosts. Posture validation involves checking a remote host
for compliance with safety requirements before the assignment of a network access policy. An Access
Control Server must be configured for Network Admission Control before you configure NAC on the
adaptive security appliance.
Fields
The NAC pane lets you set attributes that apply to all NAC communications. The following global
attributes at the top of the pane apply to EAPoUDP messaging between the adaptive security appliance
and remote hosts:
• Port—Port number for EAP over UDP communication with the Cisco Trust Agent (CTA) on the
host. This number must match the port number configured on the CTA. Enter a value in the range
1024 to 65535. The default setting is 21862.
• Retry if no response—Number of times the adaptive security appliance resends an EAP over UDP
message. This attribute limits the number of consecutive retries sent in response to Rechallenge
Interval expirations. The setting is in seconds. Enter a value in the range 1 to 3. The default setting
is 3.