All,
Is there a way to prevent AnyConnect from prompting users with local
identity certificates (including CAC ones) when we
only have AAA selected for auth on the profile?
With the default automatic certificate selection, if they have one cert
installed it tries to use
My understanding is the Cisco VPN (IPSEC) client doesn't have the host
integration features that are available in the AnyConnect client
(yet). One of the reasons we are doing SSL VPN on ASA is to be able to
do the host profiling and do the IT Approved / Other dynamic access
policies.
You can
I haven't read up the cert authentication much, but what stops the user
from moving the cert file to another un-approved device (per the
original question) - all you are doing is Two-factor at that point -
user but not host-based checking, correct?
-James
Matthew White wrote:
Hi Scott,
All,
We had been having some SSL VPN (TLS transport) performance issues on
ASA units dedicated to just VPN access. The issue is we're maxing out
at 5Mbps on a tunneled connection, but our legacy SSL VPN solution is
close to wire speed with the tunnel overhead taken into consideration
for
of the traffic
reduction (all above 50%). The main non-optimized traffic is internet
bound in our case, as we centrally route internet out a data center from
the MPLS connected sites.
---
James Michael Keller
Tim Durack wrote:
Anyone got figures on the *minimum* latency the various WAN
-mode VPN feature worked to
avoid any packet mangling of the TCP options and we got full optimization.
I would also make sure you are on the latest and greatest release.
There have been a lot of improvements and general bug / crash fixes in
the last year.
---
James Michael Keller
to bring on third party POP sites, after the
local loop it will be all Verizon controlled. You would need to
confirm the current configuration with your sales team, but I haven't
had to terminate into anything other than a Verizon owned POP in the US
or Western Europe yet.
--
James Michael Keller
duplicate data for the same flow).
We're on the last 5.x build version before 6.x. Getting ready to
re-build it from a 6.x disk and see if the new SQL backend helps with
some of that until we get a dedicated netflow box in.
---
James Michael Keller
Ryan Hughes wrote:
MARS really isn't