This document describes in detail some important points about the Cisco AnyConnect Secure Mobility Client (AnyConnect) tunnels, the reconnect behavior and Dead Peer Detection (DPD), and the inactivity timer.

There are two methods used in order to connect an AnyConnect session:

Based on the way you connect, you create three different tunnels (sessions) on the ASA, each one with a specific purpose:

- Clientless or Parent-Tunnel: This is the main session that is created in the negotiation in order to set up the session token that is necessary in case a reconnect is needed due to network connectivity issues or hibernation. Based on the connection mechanism, the Cisco Adaptive Security Appliance (ASA) lists the session as Clientless (Weblaunch via the Portal) or Parent (Standalone AnyConnect).

  Note: The AnyConnect-Parent represents the session when the client is not actively connected. Effectively, it works similar to a cookie, in that it is a database entry on the ASA that maps to the connection from a particular client. If the client sleeps/hibernates, the tunnels (IPsec/Internet Key Exchange (IKE)/Transport Layer Security (TLS)/Datagram Transport Layer Security (DTLS) protocols) are torn down, but the Parent remains until the idle timer or maximum connect time takes effect. This allows the user to reconnect without reauthenticating.

- Secure Sockets Layer (SSL)-Tunnel: The SSL connection is established first, and data is passed over this connection while it attempts to establish a DTLS connection. Once the DTLS connection is established, the client sends the packets via the DTLS connection instead of via the SSL connection. Control packets, on the other hand, always go over the SSL connection.
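A minimal Python model of the behaviour described above, added here as an illustration and not taken from Cisco documentation or ASA code: the Parent entry outlives the tunnels and bounds how long a client can reconnect without reauthenticating. The class and method names, the timeout values used with it, and the assumption that the idle timer starts when the tunnels are torn down are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ParentSession:
    """Model of the ASA database entry that outlives the tunnels (illustrative)."""
    created: float
    idle_timeout: float   # assumed: seconds the Parent may exist with no tunnels
    max_connect: float    # assumed: hard cap on total session lifetime, seconds
    token: str = field(default_factory=lambda: secrets.token_hex(16))
    tunnels: set = field(default_factory=set)
    idle_since: Optional[float] = None

    def bring_up(self, tunnel: str) -> None:
        # The SSL tunnel is established first; DTLS is attempted on top of it.
        if tunnel == "DTLS" and "SSL" not in self.tunnels:
            raise RuntimeError("DTLS is negotiated only after the SSL tunnel exists")
        self.tunnels.add(tunnel)
        self.idle_since = None

    def route(self, packet_kind: str) -> str:
        # Control packets always use SSL; data moves to DTLS once it is up.
        if "SSL" not in self.tunnels:
            raise RuntimeError("no tunnel established")
        if packet_kind == "data" and "DTLS" in self.tunnels:
            return "DTLS"
        return "SSL"

    def sleep(self, now: float) -> None:
        # Sleep/hibernate tears the tunnels down; only the Parent entry remains.
        self.tunnels.clear()
        self.idle_since = now

    def expired(self, now: float) -> bool:
        idle = self.idle_since is not None and now - self.idle_since >= self.idle_timeout
        return idle or now - self.created >= self.max_connect

    def reconnect(self, presented_token: str, now: float) -> bool:
        # True: tunnels rebuilt without reauthentication. False: full login needed.
        if self.expired(now) or not hmac.compare_digest(presented_token, self.token):
            return False
        self.bring_up("SSL")
        return True
```

Because the token alone is enough to resume the session, the idle timer and maximum connect time are the only limits on how long a captured or stale token stays useful in this model.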