Chapter 5
Configuring AnyConnect Features Using ASDM
• Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration
• Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Key Regeneration
Figure 5-11 shows an example of configuring the Rekey setting for an internal group policy.

Figure 5-11 Configuring Rekey Attributes

Key renegotiation occurs when the security appliance and the client perform a rekey and they renegotiate the crypto keys and initialization vectors, increasing the security of the connection. The fields on this dialog box are as follows:

• Renegotiation Interval—Clear the Unlimited check box to specify the number of minutes from the start of the session until the rekey takes place, from 1 to 10080 (1 week).
• Renegotiation Method—Check the None check box to disable rekey, check the SSL check box to specify SSL renegotiation during a rekey, or check the New Tunnel check box to establish a new tunnel during rekey.

Note: The security appliance does not currently support inline DTLS rekey. The AnyConnect client, therefore, treats all DTLS rekey events as though they were of the new tunnel method instead of the inline ssl type (CSCsh93610).

OL-12950-012
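The following added example is not part of the Cisco guide. It audits a saved configuration for the Key Regeneration settings described above and reports, per group policy, whether rekey is disabled, whether the interval is unset or outside 1 to 10080 minutes, and what method a DTLS session effectively uses given the Note. It assumes the settings appear in their CLI form (`svc rekey time` and `svc rekey method` under a group policy's `webvpn` attributes); the sample configuration and the `audit_rekey` function name are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not taken from the guide).
SAMPLE_CONFIG = """\
group-policy Sales internal
group-policy Sales attributes
 webvpn
  svc rekey time 30
  svc rekey method ssl
group-policy Contractors internal
group-policy Contractors attributes
 webvpn
  svc rekey method none
group-policy Eng internal
group-policy Eng attributes
 webvpn
  svc rekey time 20000
  svc rekey method new-tunnel
"""

REKEY = re.compile(r"\s+svc rekey (?:time (\d+)|method (none|ssl|new-tunnel))$")

def audit_rekey(config):
    """Map each group policy to its rekey settings and any findings."""
    policies, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line starts a new context
            m = re.match(r"group-policy (\S+) attributes$", line)
            current = policies.setdefault(
                m.group(1), {"time": None, "method": None}) if m else None
            continue
        m = REKEY.match(line) if current is not None else None
        if m and m.group(1):
            current["time"] = int(m.group(1))
        elif m:
            current["method"] = m.group(2)
    for p in policies.values():
        f = p["findings"] = []
        if p["method"] in (None, "none"):
            f.append("rekey disabled or not set in this policy")
        if p["time"] is None:
            f.append("no interval set (Unlimited)")
        elif not 1 <= p["time"] <= 10080:
            f.append("interval outside 1-10080 minutes")
        # Per the Note: DTLS rekeys are treated as new-tunnel, never inline ssl.
        p["dtls_effective"] = "new-tunnel" if p["method"] == "ssl" else p["method"]
    return policies

if __name__ == "__main__":
    for name, info in audit_rekey(SAMPLE_CONFIG).items():
        print(name, info)
```

A policy that sets neither value is reported as "not set in this policy"; the effective value may still be inherited from another policy, which this check does not resolve.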
Configuring, Enabling, and Using Other AnyConnect Features
Cisco AnyConnect VPN Client Administrator Guide