EasyManuals Logo

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1711 background imageLoading...
Page #1711 background image
1-77
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Connection Profiles, Group Policies, and Users
Supporting a Zone Labs Integrity Server
To set the firewall client type to the Zone Labs Integrity type, enter the following command:
Step 3
zonelabs-integrity interface interface
Example:
hostname(config)# zonelabs-integrity interface
inside
Specifies the inside interface for communications
with the Integrity server.
Step 4
zonelabs-integrity fail-timeout timeout
Example:
hostname(config)# zonelabs-integrity fail-timeout 12
Ensures that the ASA waits 12 seconds for a response
from either the active or standby Integrity servers
before declaring the Integrity server as failed and
closing the VPN client connections.
Note If the connection between the ASA and the
Integrity server fails, the VPN client
connections remain open by default so that
the enterprise VPN is not disrupted by the
failure of an Integrity server. However, you
may want to close the VPN connections if the
Zone Labs Integrity server fails.
Step 5
zonelabs-integrity fail-close
Example:
hostname(config)# zonelabs-integrity fail-close
Configures the ASA so that connections to VPN clients
close when the connection between the ASA and the
Zone Labs Integrity server fails.
Step 6
zonelabs-integrity fail-open
Example:
hostname(config)# zonelabs-integrity fail-open
Returns the configured VPN client connection fail
state to the default and ensures that the client
connections remain open.
Step 7
zonelabs-integrity ssl-certificate-port
cert-port-number
Example:
hostname(config)# zonelabs-integrity
ssl-certificate-port 300
Specifies that the Integrity server connects to port
300 (the default is port 80) on the ASA to request the
server SSL certificate.
Step 8
zonelabs-integrity ssl-client-authentication {enable
| disable}
Example:
hostname(config)# zonelabs-integrity
ssl-client-authentication enable
While the server SSL certificate is always
authenticated, also specifies that the client SSL
certificate of the Integrity server be authenticated.
Command Purpose
Command Purpose
client-firewall {opt | req} zonelabs-integrity
Example:
hostname(config)# client-firewall req
zonelabs-integrity
For more information, see the “Configuring VPN Client
Firewall Policies” section on page 70-74. The command
arguments that specify firewall policies are not used when the
firewall type is zonelabs-integrity, because the Integrity
server determines these policies.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
ModelASA 5505
InterfacesVaries by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High AvailabilityActive/Standby or Active/Active (varies by model)
Power SupplyVaries by model
Form FactorVaries by model
Operating SystemCisco ASA Software
IPsec VPNSupported
SSL VPNSupported
IPS ThroughputVaries by model

Related product manuals