EasyManuals Logo
Home>Cisco>Firewall>5510 - ASA SSL / IPsec VPN Edition

Cisco 5510 - ASA SSL / IPsec VPN Edition User Manual

Cisco 5510 - ASA SSL / IPsec VPN Edition
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1711 background imageLoading...
Page #1711 background image
1-77
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Profiles, Group Policies, and Users
Supporting a Zone Labs Integrity Server
To set the firewall client type to the Zone Labs Integrity type, enter the following command:
Step 3
zonelabs-integrity interface interface
Example:
hostname(config)# zonelabs-integrity interface
inside
Specifies the inside interface for communications
with the Integrity server.
Step 4
zonelabs-integrity fail-timeout timeout
Example:
hostname(config)# zonelabs-integrity fail-timeout 12
Ensures that the ASA waits 12 seconds for a response
from either the active or standby Integrity servers
before declaring the Integrity server as failed and
closing the VPN client connections.
Note If the connection between the ASA and the
Integrity server fails, the VPN client
connections remain open by default so that
the enterprise VPN is not disrupted by the
failure of an Integrity server. However, you
may want to close the VPN connections if the
Zone Labs Integrity server fails.
Step 5
zonelabs-integrity fail-close
Example:
hostname(config)# zonelabs-integrity fail-close
Configures the ASA so that connections to VPN clients
close when the connection between the ASA and the
Zone Labs Integrity server fails.
Step 6
zonelabs-integrity fail-open
Example:
hostname(config)# zonelabs-integrity fail-open
Returns the configured VPN client connection fail
state to the default and ensures that the client
connections remain open.
Step 7
zonelabs-integrity ssl-certificate-port
cert-port-number
Example:
hostname(config)# zonelabs-integrity
ssl-certificate-port 300
Specifies that the Integrity server connects to port
300 (the default is port 80) on the ASA to request the
server SSL certificate.
Step 8
zonelabs-integrity ssl-client-authentication {enable
| disable}
Example:
hostname(config)# zonelabs-integrity
ssl-client-authentication enable
While the server SSL certificate is always
authenticated, also specifies that the client SSL
certificate of the Integrity server be authenticated.
Command Purpose
Command Purpose
client-firewall {opt | req} zonelabs-integrity
Example:
hostname(config)# client-firewall req
zonelabs-integrity
For more information, see the “Configuring VPN Client
Firewall Policies” section on page 70-74. The command
arguments that specify firewall policies are not used when the
firewall type is zonelabs-integrity, because the Integrity
server determines these policies.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Configuration Guide
Configuration Guide1822 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals