Setting client firewall parameters – Cisco ASA 5505 User Manual
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 67 Configuring Connection Profiles, Group Policies, and Users
Supporting a Zone Labs Integrity Server
Step 6
Command: zonelabs-integrity fail-open
Example: hostname(config)# zonelabs-integrity fail-open
Purpose: Returns the configured VPN client connection fail state to the default and ensures that the client connections remain open.

Step 7
Command: zonelabs-integrity ssl-certificate-port cert-port-number
Example: hostname(config)# zonelabs-integrity ssl-certificate-port 300
Purpose: Specifies that the Integrity server connects to port 300 (the default is port 80) on the ASA to request the server SSL certificate.

Step 8
Command: zonelabs-integrity ssl-client-authentication {enable | disable}
Example: hostname(config)# zonelabs-integrity ssl-client-authentication enable
Purpose: While the server SSL certificate is always authenticated, also specifies that the client SSL certificate of the Integrity server be authenticated.

To set the firewall client type to the Zone Labs Integrity type, enter the following command:

Command: client-firewall {opt | req} zonelabs-integrity
Example: hostname(config)# client-firewall req zonelabs-integrity
Purpose: For more information, see the “Configuring Firewall Policies” section on page 67-63. The command arguments that specify firewall policies are not used when the firewall type is zonelabs-integrity, because the Integrity server determines these policies.

Setting Client Firewall Parameters
Enter the following commands to set the appropriate client firewall parameters. You can configure only one instance of each command.
lists the syntax elements of these commands. For more information, see the “Configuring Firewall Policies” section on page 67-63.

Cisco Integrated Firewall
hostname(config-group-policy)# client-firewall {opt | req} cisco-integrated acl-in ACL acl-out ACL

Cisco Security Agent
hostname(config-group-policy)# client-firewall {opt | req} cisco-security-agent

No Firewall
hostname(config-group-policy)# client-firewall none
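
An added example, not from the Cisco guide: a small Python check that reads configuration lines built from the commands on this page and reports group policies whose client firewall is `none` or `opt`, plus the Integrity server `fail-open` and `ssl-client-authentication disable` settings when any policy uses the `zonelabs-integrity` type. The sample configuration is constructed, and the `group-policy ... attributes` lines, policy names and ACL names are assumptions.

```python
import re

# Constructed sample input. The "group-policy <name> attributes" lines and the
# policy and ACL names are assumptions; the other commands are those on this page.
SAMPLE_CONFIG = """\
zonelabs-integrity fail-open
zonelabs-integrity ssl-certificate-port 300
zonelabs-integrity ssl-client-authentication disable
group-policy Contractors attributes
 client-firewall none
group-policy Staff attributes
 client-firewall opt cisco-security-agent
group-policy Admins attributes
 client-firewall req cisco-integrated acl-in FW_IN acl-out FW_OUT
group-policy Remote attributes
 client-firewall req zonelabs-integrity
"""

GLOBAL_WEAK = {
    "zonelabs-integrity fail-open":
        "client connections remain open in the fail state",
    "zonelabs-integrity ssl-client-authentication disable":
        "client SSL certificate of the Integrity server is not authenticated",
}

def audit_client_firewall(config_text):
    """Return sorted (scope, finding) pairs for weak client firewall settings."""
    findings, integrity_notes, uses_integrity = [], [], False
    policy = "global"
    for raw in config_text.splitlines():
        line = " ".join(raw.split())            # collapse runs of whitespace
        header = re.fullmatch(r"group-policy (\S+) attributes", line)
        if header:
            policy = header.group(1)            # enter this group policy's scope
        elif not raw[:1].isspace():             # unindented line: global scope
            policy = "global"
            if line in GLOBAL_WEAK:
                integrity_notes.append(("global", GLOBAL_WEAK[line]))
        elif line == "client-firewall none":
            findings.append((policy, "no client firewall is enforced"))
        else:
            fw = re.fullmatch(r"client-firewall (opt|req) (\S+)( .*)?", line)
            if fw:
                uses_integrity |= fw.group(2) == "zonelabs-integrity"
                if fw.group(1) == "opt":
                    findings.append((policy, fw.group(2) + " firewall is optional, not required"))
    # Integrity server settings only matter when some policy uses that firewall type.
    return sorted(findings + (integrity_notes if uses_integrity else []))
```

Calling `audit_client_firewall(SAMPLE_CONFIG)` returns four findings: two for the `Contractors` and `Staff` group policies and two for the global Integrity server settings.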