Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Group Policies
Note: This feature works for HTTP connections, but not for FTP and CIFS.
Connection Profile (Tunnel Group) Lock—This parameter permits remote VPN access only with the
selected connection profile (tunnel group), and prevents access with a different connection profile.
The default inherited value is None.
On smart card removal—With the default option, Disconnect, the client tears down the connection
if the smart card used for authentication is removed. Click Keep the connection if you do not want
to require users to keep their smart cards in the computer for the duration of the connection.
Maximum Connect Time—If the Inherit check box is not checked, this parameter specifies the
maximum user connection time in minutes. At the end of this time, the system terminates the
connection. The minimum is 1 minute, and the maximum is 35791394 minutes (over 4000 years).
To allow unlimited connection time, check Unlimited (the default).
Idle Timeout—If the Inherit check box is not checked, this parameter specifies this user’s idle
timeout period in minutes. If there is no communication activity on the user connection in this
period, the system terminates the connection. The minimum time is 1 minute, and the maximum time
is 10080 minutes. The default is 30 minutes. To allow unlimited connection time, check Unlimited.
This value does not apply to Clientless SSL VPN users.
Session Alert Interval—If you uncheck the Inherit check box, the Default check box is checked
automatically. This sets the session alert interval to 30 minutes. If you want to specify a new value,
uncheck the Default check box and specify a session alert interval from 1 to 30 minutes in the
minutes box.
Idle Alert Interval—If you uncheck the Inherit check box, the Default check box is checked
automatically. This sets the idle alert interval to 30 minutes. If you want to specify a new value,
uncheck the Default check box and specify a session alert interval from 1 to 30 minutes in the
minutes box.
Modes
The following table shows the modes in which this feature is available:
AnyConnect Client Group Policy Attributes
The following panes are displayed under Advanced > AnyConnect Client.

Key Regeneration

Rekey negotiation occurs when the security appliance and the client perform a rekey and
renegotiate the crypto keys and initialization vectors, increasing the security of the connection.
Fields
Renegotiation Interval—Uncheck the Unlimited check box to specify the number of minutes from
the start of the session until the rekey takes place, from 1 to 10080 (1 week).
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——
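An added example, not from the Cisco guide: a Python check of an exported group-policy configuration against the minute ranges given in the field descriptions above, flagging unlimited timeouts and a missing connection profile lock. It assumes the CLI equivalents of these ASDM fields are `vpn-session-timeout`, `vpn-idle-timeout`, `group-lock` and, under `webvpn`, `anyconnect ssl rekey time`; the policy and profile names are constructed.

```python
import re

# Minute ranges as stated in the field descriptions on this page.
LIMITS = {
    "vpn-session-timeout": (1, 35791394),        # Maximum Connect Time
    "vpn-idle-timeout": (1, 10080),              # Idle Timeout
    "anyconnect ssl rekey time": (1, 10080),     # Renegotiation Interval
}

# Constructed sample template, not taken from a real device.
SAMPLE_CONFIG = """\
group-policy RemoteStaff attributes
 vpn-idle-timeout none
 vpn-session-timeout 480
 group-lock value StaffProfile
 webvpn
  anyconnect ssl rekey time 60
group-policy Contractors attributes
 vpn-session-timeout none
 vpn-idle-timeout 20000
 group-lock none
"""

def audit(config):
    """Return sorted (policy, finding) pairs; absent settings are inherited and skipped."""
    findings, policy = [], None
    for raw in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes\s*$", raw)
        if header or not raw.startswith(" "):
            # A new top-level line ends the previous group-policy block.
            policy = header.group(1) if header else None
            continue
        if policy is None:
            continue
        line = raw.strip()
        if line == "group-lock none":
            findings.append((policy, "no connection profile lock"))
        for key, (low, high) in LIMITS.items():
            if not line.startswith(key + " "):
                continue
            value = line[len(key):].split()[0]
            if value == "alert-interval":
                continue  # alert settings are a separate option, not the timeout
            if value == "none":
                findings.append((policy, f"{key} is unlimited"))
            elif not value.isdigit() or not low <= int(value) <= high:
                findings.append((policy, f"{key} {value} outside {low}-{high}"))
    return sorted(findings)

if __name__ == "__main__":
    for policy, finding in audit(SAMPLE_CONFIG):
        print(f"{policy}: {finding}")
```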