Cisco Cisco Web Security Appliance S380 Guia Do Utilizador
5
Cisco AnyConnect Secure Mobility Solution Guide
Cisco AnyConnect Secure Mobility Solution Guide
Understanding How AnyConnect Secure Mobility Works
established, the Web Security appliance authenticates with the adaptive security
appliance using the configured ASA access password. After successful
authentication, the adaptive security appliance sends the IP address-to-user
mapping to the Web Security appliance. The connection remains open, and the
adaptive security appliance updates the IP address-to-user mapping as necessary.
For example, when a new VPN connection is made, it adds a new user to the
mapping, and when a VPN connection is closed, it deletes the user from the
mapping.
appliance using the configured ASA access password. After successful
authentication, the adaptive security appliance sends the IP address-to-user
mapping to the Web Security appliance. The connection remains open, and the
adaptive security appliance updates the IP address-to-user mapping as necessary.
For example, when a new VPN connection is made, it adds a new user to the
mapping, and when a VPN connection is closed, it deletes the user from the
mapping.
Note
If the connection between the Web Security appliance and an adaptive security
appliance is lost, the Web Security appliance tries to reestablish the connection
every 60 seconds by default. You can configure this time interval on the Web
Security appliance.
appliance is lost, the Web Security appliance tries to reestablish the connection
every 60 seconds by default. You can configure this time interval on the Web
Security appliance.
Communication from the Client
When a user opens a VPN session using Cisco AnyConnect, the AnyConnect
client connects to the adaptive security appliance using SSL. The client
authenticates with the adaptive security appliance and is assigned an internal IP
address on the network.
client connects to the adaptive security appliance using SSL. The client
authenticates with the adaptive security appliance and is assigned an internal IP
address on the network.
When the Web Security appliance is configured to integrate with the adaptive
security appliance, the adaptive security appliance instructs the client to directly
contact the Web Security appliance to test its connection. The client and Web
Security appliance use the VPN session to exchange some information, such as
copyright status.
security appliance, the adaptive security appliance instructs the client to directly
contact the Web Security appliance to test its connection. The client and Web
Security appliance use the VPN session to exchange some information, such as
copyright status.
Note
The client periodically checks connectivity to the Web Security appliance by
sending a request to a fictitious host. By default, the fictitious host URL is
mus.cisco.com. When AnyConnect Secure Mobility is enabled, the Web Security
appliance intercepts requests destined for the fictitious host and replies to the
client.
sending a request to a fictitious host. By default, the fictitious host URL is
mus.cisco.com. When AnyConnect Secure Mobility is enabled, the Web Security
appliance intercepts requests destined for the fictitious host and replies to the
client.