This document describes in detail some important points about the Cisco AnyConnect Secure Mobility Client (AnyConnect) tunnels, the reconnect behavior and Dead Peer Detection (DPD), and the inactivity timer.

There are two methods used in order to connect an AnyConnect session:

- Web-launch, via the clientless portal on the ASA
- The standalone AnyConnect client

Based on the way you connect, you create three different tunnels (sessions) on the Cisco Adaptive Security Appliance (ASA), each one with a specific purpose:

- Clientless or Parent-Tunnel: This is the main session that is created in the negotiation in order to set up the session token that is necessary in case a reconnect is needed due to network connectivity issues or hibernation. Based on the connection mechanism, the ASA lists the session as Clientless (Web-launch via the portal) or Parent (standalone AnyConnect).

  Note: The AnyConnect-Parent represents the session when the client is not actively connected. Effectively, it works much like a cookie, in that it is a database entry on the ASA that maps to the connection from a particular client. If the client sleeps or hibernates, the tunnels (the IPsec/Internet Key Exchange (IKE), Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols) are torn down, but the Parent remains until the idle timer or the maximum connect time takes effect. This allows the user to reconnect without reauthenticating; in other words, the reconnect window is bounded by those two timers.

- Secure Sockets Layer (SSL)-Tunnel: The SSL connection is established first, and data is passed over this connection while the client attempts to establish a DTLS connection. Once the DTLS connection is established, the client sends data packets via the DTLS connection instead of via the SSL connection. Control packets, on the other hand, always go over the SSL connection.

- DTLS-Tunnel: When the DTLS-Tunnel is fully established, all data moves to the DTLS-Tunnel, and the SSL-Tunnel is only used for occasional control channel traffic. If something happens to User Datagram Protocol (UDP) connectivity, the DTLS-Tunnel is torn down and all data passes through the SSL-Tunnel again.

Here is sample output from the two connection methods.

AnyConnect connected via Web-launch:

```
ASA5520-C(config)# show vpn-sessiondb detail anyconnect
Assigned IP  : 192.168.1.4            Public IP    : 172.16.250.17
Protocol     : Clientless SSL-Tunnel DTLS-Tunnel
Encryption   : Clientless: (1)RC4  SSL-Tunnel: (1)RC4  DTLS-Tunnel: (1)AES128
Hashing      : Clientless: (1)SHA1  SSL-Tunnel: (1)SHA1  DTLS-Tunnel: (1)SHA1
```

The Protocol line lists all three entries (Clientless, SSL-Tunnel and DTLS-Tunnel), so both data tunnels are up for this user, and the Encryption and Hashing lines show the cipher negotiated for each one. In this sample the Clientless and SSL-Tunnel entries negotiated RC4, which is a legacy cipher that modern TLS stacks reject, while DTLS negotiated AES128; the values on your own ASA depend on the cipher suites it and the client are configured to offer, so check them rather than assuming the DTLS path is the only one that matters.
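The behavior described above (a Parent entry that holds the session token, an SSL tunnel that always carries control traffic, a DTLS tunnel that takes over the data path when UDP works, and a reconnect that needs no reauthentication only while the Parent still exists) can be written down as a small state model. The following Python is an added example, not code from the Cisco document or from the ASA; the class and method names, the `launch` mode strings, the timer values and the simplification that an established tunnel counts as activity for the idle timer are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Tunnel(Enum):
    SSL = "SSL-Tunnel"
    DTLS = "DTLS-Tunnel"


@dataclass
class AnyConnectSession:
    """Minimal model of the three ASA session entries for one AnyConnect user.

    `parent` is the Clientless / AnyConnect-Parent entry holding the session
    token; `ssl` and `dtls` are the two data tunnels. `launch` is either
    "weblaunch" or "standalone". Time is an integer second counter. The
    timer values below are hypothetical and are not ASA defaults.
    """
    launch: str = "weblaunch"
    idle_timeout: int = 1800
    max_connect_time: int = 86400
    now: int = 0
    parent: bool = False
    ssl: bool = False
    dtls: bool = False
    authenticated_at: int = 0
    last_activity: int = 0

    def authenticate(self) -> str:
        """Full authentication: creates the Parent entry (session token) and
        the SSL tunnel. DTLS is attempted afterwards, so data starts on SSL."""
        self.parent, self.ssl, self.dtls = True, True, False
        self.authenticated_at = self.last_activity = self.now
        return "authenticated"

    def dtls_established(self) -> None:
        """DTLS comes up inside an existing SSL session; data moves to it."""
        if not self.ssl:
            raise RuntimeError("DTLS is negotiated over an established SSL tunnel")
        self.dtls = True

    def udp_lost(self) -> None:
        """Loss of UDP tears down the DTLS tunnel; data falls back to SSL."""
        self.dtls = False

    def sleep(self) -> None:
        """Sleep/hibernate tears down both tunnels; the Parent entry stays."""
        self.ssl = self.dtls = False

    def data_path(self) -> Optional[Tunnel]:
        """Data goes over DTLS when it is up, otherwise over SSL."""
        if self.dtls:
            return Tunnel.DTLS
        return Tunnel.SSL if self.ssl else None

    def control_path(self) -> Optional[Tunnel]:
        """Control packets always use the SSL tunnel, never DTLS."""
        return Tunnel.SSL if self.ssl else None

    def tick(self, seconds: int) -> None:
        """Advance time. Simplification (assumption): an up tunnel counts as
        activity. The Parent entry is removed when the idle timer or the
        maximum connect time expires, which also closes the reconnect window."""
        self.now += seconds
        if self.ssl or self.dtls:
            self.last_activity = self.now
        if self.parent and (
            self.now - self.last_activity >= self.idle_timeout
            or self.now - self.authenticated_at >= self.max_connect_time
        ):
            self.parent = False

    def reconnect(self) -> str:
        """Resume after sleep or a network outage: the token in the Parent
        entry lets the client re-establish SSL without re-authenticating;
        once the Parent is gone a full authentication is required again."""
        if self.parent:
            self.ssl, self.dtls = True, False
            self.last_activity = self.now
            return "reconnected-without-reauth"
        return self.authenticate()

    def protocol_column(self) -> str:
        """The Protocol field as `show vpn-sessiondb detail anyconnect` lists
        the entries: Clientless for Web-launch, AnyConnect-Parent for the
        standalone client, then whichever data tunnels are up."""
        parts = []
        if self.parent:
            parts.append("Clientless" if self.launch == "weblaunch" else "AnyConnect-Parent")
        if self.ssl:
            parts.append(Tunnel.SSL.value)
        if self.dtls:
            parts.append(Tunnel.DTLS.value)
        return " ".join(parts)


if __name__ == "__main__":
    s = AnyConnectSession()
    s.authenticate()
    s.dtls_established()
    print(s.protocol_column(), s.data_path(), s.control_path())
    s.sleep()
    s.tick(600)
    print(s.reconnect(), s.protocol_column())
```

Walking the model through a Web-launch session reproduces the Protocol line of the sample output above once DTLS is up, and shows the point that matters operationally: after a sleep, `reconnect()` succeeds without credentials for as long as the Parent entry survives, so the idle timer and maximum connect time are what bound how long a captured session token stays usable.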