Cisco Cisco Web Security Appliance S380 Guia Do Utilizador
Cisco AnyConnect Secure Mobility Solution Guide
Understanding How AnyConnect Secure Mobility Works
4
Cisco AnyConnect Secure Mobility Solution Guide
The Web Security appliance tracks the requests it receives and applies policies
configured for remote users to traffic received from remote users. For information
on how it identifies remote users, see
configured for remote users to traffic received from remote users. For information
on how it identifies remote users, see
.
Depending on how you configure the Web Security appliance, the AnyConnect
client may use a VPN connection to an adaptive security appliance to
communicate directly with the Web Security appliance. For more information, see
client may use a VPN connection to an adaptive security appliance to
communicate directly with the Web Security appliance. For more information, see
Communication Between the ASA and WSA
Whether the Web Security appliance interacts and communicates with the
adaptive security appliance depends on how the Web Security appliance is
configured to identify remote users. The Web Security appliance keeps track of
the traffic it receives and applies policies configured for remote users to traffic
received from remote users. It identifies remote users using one of the following
methods:
adaptive security appliance depends on how the Web Security appliance is
configured to identify remote users. The Web Security appliance keeps track of
the traffic it receives and applies policies configured for remote users to traffic
received from remote users. It identifies remote users using one of the following
methods:
•
Associate by IP address. The Web Security appliance administrator specifies
a range of IP addresses that it considers as assigned to remote devices.
Typically, the adaptive security appliance assigns these IP addresses to
devices that connect using VPN functionality. When the Web Security
appliance receives a transaction from one of the configured IP addresses, it
considers the user as a remote user. With this configuration, the Web Security
appliance does not communicate with any adaptive security appliance.
a range of IP addresses that it considers as assigned to remote devices.
Typically, the adaptive security appliance assigns these IP addresses to
devices that connect using VPN functionality. When the Web Security
appliance receives a transaction from one of the configured IP addresses, it
considers the user as a remote user. With this configuration, the Web Security
appliance does not communicate with any adaptive security appliance.
•
Integrate with a Cisco ASA. The Web Security appliance administrator
configures the Web Security appliance to communicate with one or more
adaptive security appliances. The adaptive security appliance maintains an IP
address-to-user mapping and communicates that information to the Web
Security appliance. When the Web Security appliance receives a transaction,
it obtains the IP address and checks the IP address-to-user mapping to
determine the user name. When you integrate with an adaptive security
appliance, you can enable single sign-on for remote users. With this
configuration, the Web Security appliance communicates with the adaptive
security appliance.
configures the Web Security appliance to communicate with one or more
adaptive security appliances. The adaptive security appliance maintains an IP
address-to-user mapping and communicates that information to the Web
Security appliance. When the Web Security appliance receives a transaction,
it obtains the IP address and checks the IP address-to-user mapping to
determine the user name. When you integrate with an adaptive security
appliance, you can enable single sign-on for remote users. With this
configuration, the Web Security appliance communicates with the adaptive
security appliance.
When the Web Security appliance is configured to integrate with an adaptive
security appliance, it tries to establish an HTTPS connection with all configured
adaptive security appliances when it first starts up. Once the connection is
security appliance, it tries to establish an HTTPS connection with all configured
adaptive security appliances when it first starts up. Once the connection is