Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 67 Configuring Connection Profiles, Group Policies, and Users
Supporting a Zone Labs Integrity Server
Note The current release of the ASA supports one Integrity server at a time, even though the user interfaces
support the configuration of up to five Integrity servers. If the active Integrity server fails, configure
another one on the ASA and then reestablish the VPN client session.
Configuring Integrity Server Support
This section describes an example procedure for configuring the ASA to support the Zone Labs Integrity
servers. The procedure involves configuring address, port, connection fail timeout and fail states, and
SSL certificate parameters.
To configure the Integrity server, perform the following steps:
Step 1
Command: zonelabs-integrity server-address {hostname1 | ip-address1}
Example: hostname(config)# zonelabs-integrity server-address 10.0.0.5
Purpose: Configures an Integrity server using the IP address 10.0.0.5.

Step 2
Command: zonelabs-integrity port port-number
Example: hostname(config)# zonelabs-integrity port 300
Purpose: Specifies port 300 (the default port is 5054).

Step 3
Command: zonelabs-integrity interface interface
Example: hostname(config)# zonelabs-integrity interface inside
Purpose: Specifies the inside interface for communications with the Integrity server.

Step 4
Command: zonelabs-integrity fail-timeout timeout
Example: hostname(config)# zonelabs-integrity fail-timeout 12
Purpose: Ensures that the ASA waits 12 seconds for a response from either the active or standby Integrity servers before declaring the Integrity server as failed and closing the VPN client connections.
Note: If the connection between the ASA and the Integrity server fails, the VPN client connections remain open by default so that the enterprise VPN is not disrupted by the failure of an Integrity server. However, you may want to close the VPN connections if the Zone Labs Integrity server fails.

Step 5
Command: zonelabs-integrity fail-close
Example: hostname(config)# zonelabs-integrity fail-close
Purpose: Configures the ASA so that connections to VPN clients close when the connection between the ASA and the Zone Labs Integrity server fails.
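
To review a saved configuration against the points above (one usable server at a time, fail-open by default), the following added example, which is not part of the Cisco guide, parses the zonelabs-integrity lines and reports findings. It assumes the saved configuration shows these commands in the same form as they are entered in Steps 1 through 5 and that additional servers would appear as extra addresses on server-address lines; the function name and finding strings are hypothetical.

```python
import re

DEFAULT_PORT = 5054  # default Integrity server port stated in the guide

def audit_integrity_config(running_config: str) -> dict:
    """Collect zonelabs-integrity settings and flag fail-open or multi-server setups."""
    state = {"servers": [], "port": DEFAULT_PORT, "interface": None,
             "fail_timeout": None, "fail_close": False, "findings": []}
    for raw in running_config.splitlines():
        # Only lines that start with the command count; "no zonelabs-integrity ..." is skipped.
        m = re.match(r"\s*zonelabs-integrity\s+(\S+)\s*(.*)$", raw, re.IGNORECASE)
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2).split()
        if keyword == "server-address":
            state["servers"].extend(args)  # assumption: one token per server
        elif keyword == "port" and args:
            state["port"] = int(args[0])
        elif keyword == "interface" and args:
            state["interface"] = args[0]
        elif keyword == "fail-timeout" and args:
            state["fail_timeout"] = int(args[0])
        elif keyword == "fail-close":
            state["fail_close"] = True
    if not state["servers"]:
        state["findings"].append("no Integrity server configured")
        return state
    if len(state["servers"]) > 1:
        state["findings"].append("multiple servers listed; only one is used at a time")
    if not state["fail_close"]:
        state["findings"].append("fail-open: VPN sessions stay up if the Integrity server fails")
    if state["interface"] is None:
        state["findings"].append("no interface set for Integrity server traffic")
    return state

# Constructed sample configurations (not captured from a real device).
FAIL_OPEN = """\
zonelabs-integrity server-address 10.0.0.5
zonelabs-integrity port 300
zonelabs-integrity interface inside
zonelabs-integrity fail-timeout 12
"""
FAIL_CLOSED = FAIL_OPEN + "zonelabs-integrity fail-close\n"

if __name__ == "__main__":
    for name, cfg in (("fail-open", FAIL_OPEN), ("fail-closed", FAIL_CLOSED)):
        print(name, audit_integrity_config(cfg)["findings"])
```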