Cisco Cisco Web Security Appliance S670 Betriebsanweisung

Cisco AnyConnect Secure Mobility extends the network perimeter to remote endpoints, enabling the 
integration of web filtering services offered by the Web Security appliance. 

Remote and mobile users use the Cisco AnyConnect Secure VPN (virtual private network)client to 
establish VPN sessions with the Adaptive Security Appliance (ASA). The ASA sends web traffic to the 
Web Security appliance along with information identifying the user by IP address and user name. The 
Web Security appliance scans the traffic, enforces acceptable use policies, and protects the user from 
security threats. The security appliance returns all traffic deemed safe and acceptable to the user. 

When Secure Mobility is enabled, you can configure identities and policies to apply to users by 
their location:

Remote users. These users are connected to the network from a remote location using VPN. The 
Web Security appliance automatically identifies remote users when both the Cisco ASA and Cisco 
AnyConnect client are used for VPN access. Otherwise, the Web Security appliance administrator 
must specify remote users by configuring a range of IP addresses.

Local users. These users are connected to the network either physically or wirelessly.

When the Web Security appliance integrates with a Cisco ASA, you can configure it to identify users by 
an authenticated user name transparently to achieve single sign-on for remote users.

Security Services > AnyConnect Secure Mobility, and click Enable.

Read the terms of the AnyConnect Secure Mobility License Agreement, and click Accept. 

Configure identification of remote users.

Create an identity for remote users.

In the “Define Members by User Location” 
section, select Remote Users Only.

In the “Define Members by Authentication” 
section, select “Identify Users Transparently 
through Cisco ASA Integration.” 

Create a policy for remote users.