Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 15      Achieving Secure Mobility
  • Enable single sign-on (SSO) for remote users. For information on enabling single sign-on, see 
Working with Remote Users
When Secure Mobility Solution is enabled, you can configure Identities and other policies to apply to 
users by their location:
  • Remote users. These users are connected to the network from a remote location using VPN (virtual 
    private network). Users might be located in a home office, coffee shop, or hotel, for example. The 
    Web Security appliance automatically identifies remote users when both the Cisco adaptive security 
    appliance and Cisco AnyConnect client are used for VPN access. Otherwise, the Web Security 
    appliance administrator must specify remote users by configuring a range of IP addresses.
  • Local users. These users are connected to the network either physically or wirelessly.
You might want to create separate policies for remote and local users. For example, you can create 
Access Policies that allow access to Arts and Entertainment sites when users are outside the office 
(remote users), but block access when users are in the office (local users).
When you enable Secure Mobility Solution on the Security Services > AnyConnect Secure Mobility 
page, you identify remote users using one of the following methods:
  • Associate by IP address. Specify a range of IP addresses that the appliance should consider as 
    assigned to remote devices. Typically, the Cisco adaptive security appliance assigns these IP 
    addresses to devices that connect using VPN functionality. When the Web Security appliance 
    receives a transaction from one of the configured IP addresses, it treats the user as a remote user. 
  • Integrate with a Cisco ASA. Specify one or more Cisco adaptive security appliances that the Web 
    Security appliance communicates with. The Cisco adaptive security appliance maintains an IP 
    address-to-user mapping and communicates that information to the Web Security appliance. 
    When the Web Proxy receives a transaction, it obtains the IP address and determines the user by 
    checking the IP address-to-user mapping. When users are determined by integrating with a Cisco 
    adaptive security appliance, you can enable single sign-on for remote users.
For information on enabling single sign-on, see 
.
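A consistency check for the "Associate by IP address" method, as an added example that is not taken from the Cisco guide: because any transaction from a configured address is treated as coming from a remote user, a range that overlaps a local subnet would apply remote-user policies to local users. The range syntax accepted here (first-last or CIDR), the function names, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_range(spec):
    """Expand 'first-last' or CIDR text into a list of ip_network objects.
    Both input syntaxes are assumptions of this sketch, not the appliance's."""
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if first.version != last.version or last < first:
            raise ValueError(f"invalid range: {spec!r}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(spec, strict=False)]

def is_remote(client_ip, remote_specs):
    """Model of the rule above: a source address inside any configured
    range marks the transaction's user as a remote user."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for spec in remote_specs for net in parse_range(spec))

def find_overlaps(remote_specs, local_specs):
    """Return (remote_net, local_net) pairs that share addresses. Any hit means
    hosts on that local subnet would be classified as remote."""
    remote = [n for s in remote_specs for n in parse_range(s)]
    local = [n for s in local_specs for n in parse_range(s)]
    return [(r, l) for r in remote for l in local
            if r.version == l.version and r.overlaps(l)]

# Constructed sample data: one VPN pool and two office subnets, the second of
# which was carved out of the same /24 as the pool by mistake.
REMOTE_RANGES = ["10.20.0.10-10.20.0.250"]
LOCAL_SUBNETS = ["10.10.0.0/16", "10.20.0.128/25"]

if __name__ == "__main__":
    for ip in ("10.20.0.15", "10.10.3.4", "10.20.0.200"):
        print(ip, "remote" if is_remote(ip, REMOTE_RANGES) else "local")
    for r, l in find_overlaps(REMOTE_RANGES, LOCAL_SUBNETS):
        print(f"overlap: remote {r} intersects local {l}")
```

An empty result from `find_overlaps` is the condition to confirm before relying on location-based Access Policies.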
Enabling Secure Mobility
To protect remote users using always-on security, you must first enable the Secure Mobility Solution 
feature on the Web Security appliance. When Secure Mobility Solution is enabled, you can distinguish 
between remote users and local users when creating Identities.
Note
You can also configure Secure Mobility Solution using the CLI. For more information, see 
To enable Secure Mobility Solution:
Step 1  Navigate to the Security Services > AnyConnect Secure Mobility page, and click Enable.
        The AnyConnect Secure Mobility License Agreement appears. 
Step 2  Read the terms of the AnyConnect Secure Mobility License Agreement, and click Accept