CISCO AnyConnect 5.0 Secure Client User Guide
CISCO AnyConnect 5.0 Secure Client

Document Introduction

Prepared by:
Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134

This document provides guidance to IT personnel for the TOE, Cisco Secure Client - AnyConnect 5.0 for iOS 16. This guidance document includes instructions to successfully install the TOE in the Operational Environment, instructions to manage the security of the TSF, and instructions to provide a protected administrative capability.

Revision History

Version | Date | Change
0.1 | May 1, 2023 | Initial Version
0.2 | July 27, 2023 | Updates

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

© 2023 Cisco Systems, Inc. All rights reserved.

Introduction

This Operational User Guidance with Preparative Procedures documents the administration of the Cisco Secure Client-AnyConnect v5.0 for Apple iOS 16 TOE, as it was certified under Common Criteria. The Cisco Secure Client-AnyConnect v5.0 for Apple iOS 16 may be referenced below by the related acronym VPN Client or simply the TOE.

Audience
This document is written for administrators installing and configuring the TOE. This document assumes that you are familiar with the basic concepts and terminology used in internetworking, that you understand your network topology and the protocols that the devices in your network can use, that you are a trusted individual, and that you are trained to use the operating systems on which you are running your network.

Purpose
This document is the Operational User Guidance with Preparative Procedures for the Common Criteria evaluation. It was written to highlight the specific TOE configuration and the administrator functions and interfaces that are necessary to configure and maintain the TOE in the evaluated configuration. This document is not meant to detail specific actions performed by the administrator but rather is a road map for identifying the appropriate locations within Cisco documentation to get the specific details for configuring and maintaining AnyConnect Secure Mobility Client operations. All security-relevant commands to manage the TSF data are provided within this documentation within each functional section.

Document References
This section lists the Cisco Systems documentation that is also a piece of the Common Criteria Configuration Item (CI) List. The documents used are shown below in Table 1. Throughout this document, the guides will be referred to by the "#", such as [1].

Table 1 Cisco Documentation

# | Title | Link
1 | Cisco Secure Client (including AnyConnect) Administrator Guide, Release 5 | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/admin/guide/b-cisco-secure-client-admin-guide-5-0.html
2 | Cisco AnyConnect Mobile Platforms Administrator Guide, Release 4.1 | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/Cisco_AnyConnect_Mobile_Administrator_Guide_4-1.html
3 | Apple iOS User Guide for Cisco AnyConnect Secure Mobility Client, Release 4.6.x | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect46/user/guide/Apple_iOS_AnyConnect_User_Guide_4-6-x.html
4 | Release Notes for Cisco AnyConnect Secure Mobility Client, Release 4.9 | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html
5 | Release Notes for Cisco Secure Client (including AnyConnect), Release 5 for Apple iOS | https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/Cisco-Secure-Client-5/release/notes/release-notes-apple-ios-cisco-secure-client-release-5-0.html

TOE Overview
The TOE is the Cisco AnyConnect Secure Mobility Client (hereinafter referred to as the VPN client, or the TOE). The Cisco AnyConnect Secure Mobility Client provides remote users with secure IPsec (IKEv2) VPN connections to the Cisco 5500 Series Adaptive Security Appliance (ASA) VPN Gateway, allowing installed applications to communicate as though connected directly to the enterprise network.

Operational Environment
The TOE requires the following IT Environment Components when the TOE is configured in its evaluated configuration:

Table 2. Operational Environment Components

Component | Usage/Purpose Description
Certificate Authority | A Certificate Authority is used to provide valid digital certificates.
Mobile Platform | The TOE relies on any of the following CC validated Apple mobile device platforms:
  • Apple iPhone 11/XR running iOS 16
ASA 5500-X series VPN Gateway | The Cisco ASA 5500-X with software version 9.2.2 or later functions as the head-end VPN Gateway.
ASDM Management Platform | The ASDM 7.7 operates from any of the following operating systems:
  • Windows 7, 8, 10
  • Windows Server 2008, 2012, 2012 R2, 2016 and Server 2019
  • Apple OS X 10.4 or later
  Note that the ASDM software is installed on the ASA appliance and the management platform is used to connect to the ASA and run the ASDM. The only software installed on the management platform is the Cisco ASDM Launcher.

The underlying Mobile platform provides some of the security functionality required in [MOD_VPNC_V2.4] and is denoted using the phrase "TOE Platform" in this document.

The Cisco AnyConnect TOE uses network hardware resources on the mobile OS platform to send and receive encrypted packets. The TOE does not access sensitive information repositories.

References in this document to "ASA" refer to a VPN Gateway.

Excluded Functionality

The functionality listed below is not included in the evaluated configuration.

Table 3. Excluded Functionality and Rationale

Function Excluded | Rationale
Non-FIPS 140-2 mode of operation | The TOE includes a FIPS mode of operation. FIPS mode allows the TOE to use only approved cryptography. FIPS mode of operation must be enabled for the TOE to operate in its evaluated configuration.
SSL Tunnel with DTLS tunneling options | [MOD_VPNC_V2.4] only permits an IPsec VPN tunnel.

These services will be disabled by configuration. The exclusion of this functionality does not affect compliance with the claimed Protection Profiles.

Procedures and Operational Guidance for IT Environment

To operate in its evaluated configuration, the TOE requires a minimum of one (1) Certificate Authority (CA), one (1) VPN Gateway, and one (1) Apple iPhone mobile device.

To resemble customer PKI environments, a two-tiered CA solution using an Offline Root CA and an Enterprise Subordinate CA employing Microsoft 2012 R2 Certificate Authority (CA) will be referenced in this section. Other CA products in place of Microsoft may be used.

The Root CA is configured as a standalone (Workgroup) server while the Subordinate CA is configured as part of a Microsoft domain with Active Directory services enabled. The following figure provides a visual depiction of the TOE and IT Environment. The TOE is a software app running on iOS 13. The TOE boundary is denoted by the red line. See figure 1 below.

Figure 1. TOE and Environment

The Subordinate CA issues X.509 digital certificates and provides a Certificate Revocation List (CRL) to the TOE Platform and VPN Gateway.
Alternatively, one (1) single root Enterprise CA could be deployed.

  • Install and Configure a Certificate Authority

If using a Microsoft two-tiered CA solution, install and configure a Root (GRAYCA) and Enterprise Subordinate Certificate Authority (GRAYSUBCA1) in accordance with the guidance from the vendor. The following is a step-by-step guide for the configuration of Microsoft Active Directory Certificate Services:

http://technet.microsoft.com/en-us/library/cc772393%28v=ws.10%29.aspx
It is assumed that both the Offline Root CA (GRAYCA) certificate and the Enterprise Subordinate CA (GRAYSUBCA1) certificate depicted in figure 1 are installed and trusted, to ensure a trusted certificate chain is established. If using a CA from a vendor other than Microsoft, follow that vendor's CA installation guidance.

Regardless of the CA product used, the RSA certificate on the ASA MUST have the following Key Usage and Extended Key Usage properties:

  • Key Usage: Digital Signature, Key Agreement
  • EKU: IP security IKE intermediate, IP end security system

The Subject Alternative Name (SAN) fields within the ECDSA and RSA certificates on the ASA MUST match the connection information specified within the AnyConnect profile on the client.

  • Install and Configure a VPN Gateway

Install Cisco ASA 9.1 (or later), with ASDM, in accordance with the installation guides and release notes appropriate for the versions to be installed. ASDM allows the ASA to be managed from a graphical user interface. Alternatively, if the administrator prefers, equivalent command line (CLI) configuration steps can be used.

Configuration Note: As there are parameters managed by the ASA, the Gateway Administrator must follow the steps in this section to ensure the TOE is in its evaluated configuration.

  • Enable AnyConnect and IKEv2 on the ASA. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles and select the Enable Cisco AnyConnect checkbox and Allow Access under IKEv2.
  • On the AnyConnect Connection Profiles page mentioned above, select Device Certificate. Ensure Use the same device certificate... is NOT checked and select the EC ID certificate under the ECDSA device certificate. Then select Ok.
  • Create an IKEv2 crypto policy using the algorithms permitted in the Common Criteria evaluated configuration. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > IKE Policies and add an IKEv2 policy.

Select Add and enter 1 for the highest priority. The range is 1 to 65535, with 1 the highest priority.

Encryption:
AES: Specifies AES-CBC with a 128-bit key encryption for ESP.
AES-256: Specifies AES-CBC with a 256-bit key encryption for ESP.
AES-GCM-128: Specifies AES Galois Counter Mode 128-bit encryption
AES-GCM-256: Specifies AES Galois Counter Mode 256-bit encryption

D-H Group: Choose the Diffie-Hellman group identifier. This is used by each IPsec peer to derive a shared secret, without transmitting it to each other. Valid selections are: 19 and 20.

PRF Hash – Specify the PRF used for the construction of keying material for all of the cryptographic algorithms used in the SA. Valid selections are: sha256 and sha384

In this example configuration select:

Priority: 1

AES Galois Counter Mode (AES-GCM) 256-bit encryption: When GCM is selected, it precludes the need to select an integrity algorithm. This is because the authenticity capabilities are built into GCM, unlike CBC (Cipher-Block Chaining).

Diffie-Hellman Group: 20
Integrity Hash: Null
PRF Hash: sha384
Lifetime: 86400

Select Ok.

Administrator Note: Use of any additional Encryption, DH-Group, Integrity or PRF Hash not listed above is not evaluated.

Administrator Note: The Advanced tab displays the IKE strength enforcement parameter. Ensure the Security Association (SA) Strength Enforcement parameter is checked. This ensures that the strength of the IKEv2 encryption cipher is higher than the strength of its child IPsec SA's encryption ciphers. Higher strength algorithms will be downgraded.

The CLI equivalent is: crypto ipsec ikev2 sa-strength-enforcement
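
As an added example (not part of the Cisco guidance), the following Python script audits the text of an ASA running configuration against the values this section lists as evaluated: encryption, D-H group, PRF hash, a null integrity hash with GCM, and SA strength enforcement. The sample configurations are constructed; the `crypto ikev2 policy` block layout and the mapping of the ASDM choice AES-GCM-128 to the CLI keyword `aes-gcm` are assumptions.

```python
import re

# Values the guide lists as evaluated, written as ASA CLI keywords.
# Assumption: "aes-gcm" is the CLI spelling of the ASDM choice AES-GCM-128.
EVALUATED = {
    "encryption": {"aes", "aes-256", "aes-gcm", "aes-gcm-256"},
    "group": {"19", "20"},
    "prf": {"sha256", "sha384"},
}
GCM = {"aes-gcm", "aes-gcm-256"}
ENFORCE = "crypto ipsec ikev2 sa-strength-enforcement"

# Constructed sample: the guide's example policy (priority 1).
GOOD_CONFIG = """\
crypto ipsec ikev2 sa-strength-enforcement
crypto ikev2 policy 1
 encryption aes-gcm-256
 integrity null
 group 20
 prf sha384
 lifetime seconds 86400
"""

# Constructed sample: a policy outside the evaluated set, no enforcement line.
BAD_CONFIG = """\
crypto ikev2 policy 10
 encryption 3des aes-256
 integrity null
 group 14 20
 prf sha
 lifetime seconds 86400
"""


def parse_ikev2_policies(config):
    """Return {priority: {keyword: [values]}} for each 'crypto ikev2 policy' block."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto ikev2 policy (\d+)\s*$", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
        elif current is not None and line.startswith(" ") and line.strip():
            keyword, *values = line.split()
            current[keyword] = values
        else:
            current = None  # any unindented or blank line ends the policy block
    return policies


def audit(config):
    """Return a list of findings; an empty list means the IKEv2 settings match the guide."""
    findings = []
    policies = parse_ikev2_policies(config)
    if not policies:
        findings.append("no IKEv2 policy found")
    for prio, policy in sorted(policies.items()):
        for keyword, allowed in EVALUATED.items():
            values = policy.get(keyword, [])
            if not values:
                findings.append(f"policy {prio}: {keyword} is not set")
            for value in values:
                if value not in allowed:
                    findings.append(f"policy {prio}: {keyword} {value} was not evaluated")
        enc = set(policy.get("encryption", []))
        integ = set(policy.get("integrity", []))
        # GCM carries its own authenticity check, so the integrity hash is Null.
        if enc and enc <= GCM and integ != {"null"}:
            findings.append(f"policy {prio}: GCM expects integrity null")
        # A non-GCM cipher has no built-in integrity and must not use Null.
        if enc - GCM and "null" in integ:
            findings.append(f"policy {prio}: non-GCM cipher with integrity null")
    if ENFORCE not in (line.strip() for line in config.splitlines()):
        findings.append("sa-strength-enforcement is not enabled")
    return findings


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, audit(cfg) or "OK")
```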

  • Create an IPsec proposal. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > IPsec Proposals (Transform Sets) and add an IKEv2 IPsec Proposal, then select Ok.
    In the example below the name used is NGE-AES-GCM-256, with AES-GCM-256 for encryption and Null for the Integrity Hash:
  • Create a dynamic crypto map, select the IPsec proposal and apply it to the outside interface. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Advanced > IPsec > Crypto Maps. Select Add, then select the outside interface and the IKEv2 proposal.
    Click the Advanced tab. Ensure the following:
    Enable NAT-T — Enables NAT Traversal (NAT-T) for this policy
    Security Association Lifetime Setting — is set to 8 hours (28800 seconds)
  • Create an address pool VPNUSERS that will be assigned to VPN users. Address pools contain the following fields:
    Name — Specifies the name assigned to the IP address pool.
    Starting IP Address — Specifies the first IP address in the pool.
    Ending IP Address — Specifies the last IP address in the pool.
    Subnet Mask — Selects the subnet mask to apply to the addresses in the pool.

In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Address Assignment > Address Pools and add an IP pool specifying the above fields, then select Ok.

Add a group policy that will apply the desired settings to the VPN users. Group Policies lets you manage AnyConnect VPN group policies. A VPN group policy is a collection of user-oriented attribute/value pairs stored internally on the ASA device. Configuring the VPN group policy lets users inherit attributes that you have not configured at the individual group or username level. By default, VPN users have no group policy association. The group policy information is used by VPN tunnel groups and user accounts. In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies and add an internal group policy. Ensure the VPN tunnel protocol is set to IKEv2 and that the IP pool created above is referenced in the policy by de-selecting the Inherit check box and selecting the appropriate setting. Relevant DNS, WINS and domain names can also be added in the policy in the Servers section.

Refer to the example group policy NGE-VPN-GP below:

  • Create a tunnel group name. A tunnel group contains tunnel connection policies for the IPsec connection. A connection policy can specify authentication, authorization, and accounting servers, a default group policy, and IKE attributes.

In ASDM, go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles. At the bottom of the page under Connection Profiles, select Add.

In the example below the tunnel group name NGE-VPN-RAS is used.

The configuration references Certificate authentication, the associated group policy NGE-VPN-GP and Enable IPsec (IKEv2). DNS and domain name can also be added here. Also ensure only IPsec is used by not checking the enable SSL VPN Client Protocol option.

  • Create a certificate map, mapping the NGE VPN users to the VPN tunnel group that was previously created. The certificate map will be applied to the AC users. In this scenario, the Subordinate CA common name was matched to ensure that an incoming TOE platform request with an EC certificate issued from the Subordinate CA will be mapped to the appropriate tunnel group that was previously created. VPN users that are not issued a certificate from the EC CA will fall back to the default tunnel groups, fail authentication, and be denied access.
    In ASDM, go to Configuration > Remote Access VPN > Advanced > Certificate to AnyConnect and Clientless SSL VPN Connection Profile Maps. Under Certificate to Connection Profile Maps select Add. Choose the existing DefaultCertificateMap with a priority of 10 and reference the NGE-RAS-VPN tunnel group.
    In ASDM, go to Configuration > Remote Access VPN > Advanced > Certificate to AnyConnect and Clientless SSL VPN Connection Profile Maps. Under Mapping Criteria select Add. Select Issuer for Field, Common Name (CN) for Component, Contains for Operator, and then select Ok.
    Ensure you select APPLY on the main page and SAVE the configuration.
  • Configure the ASA to accept VPN connections from the AnyConnect VPN client, using the AnyConnect VPN Wizard. This wizard configures IPsec (IKEv2) VPN protocols for remote network access. Refer to the instructions here:
    https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/asdm710/vpn/asdm-710-vpnconfig/vpn-wizard.html#ID-2217-0000005b

Preparative Procedures and Operational Guidance for the TOE

To install the Cisco Secure Client-AnyConnect TOE, follow the steps below:

  1. Open the App Store.
  2. Select Search
  3. In the Search Box, enter Cisco Secure Client-AnyConnect
  4. Tap INSTALL APP
  5. Select Install

Start Cisco Secure Client-AnyConnect

Tap the Cisco Secure Client-AnyConnect icon to start the application. If this is the first time you are starting Cisco Secure Client-AnyConnect after installing or upgrading, choose OK to enable the TOE to extend the Virtual Private Network (VPN) capabilities of your device.

Integrity Verification

Integrity verification is performed each time the app is loaded, and the app waits for the integrity verification to complete. Cryptographic services provided by the iOS platform are invoked to verify the digital signature of the TOE's executable files. If the integrity verification fails to complete successfully, the GUI will not load, rendering the app unusable. If the integrity verification is successful, the app GUI will load and operate normally.

Configure Reference Identifier

This section specifies the configuration of the reference identifier for the VPN Gateway peer. During IKE phase 1 authentication, the TOE compares the reference identifier to the identifier presented by the VPN Gateway. If the TOE determines they do not match, authentication will not succeed.

Select Connections from the home screen to view the entries already configured on your device. Multiple connection entries may be listed, some under a Per-App VPN heading. Connection entries may have the following status:

  • Enabled— This connection entry is enabled by the mobile device manager and can be used for connecting.
  • Active— This marked or highlighted connection entry is currently active.
  • Connected— This connection entry is the active one and is currently connected and operating.
  • Disconnected— This connection entry is the active one but is currently disconnected and not operating.

For instructions refer to the "Add or Modify Connection Entries Manually" section of [3].

Configure Certificate Use

AnyConnect requires an X.509 certificate. Refer to the "Configure Certificates" section of [3].

Block Untrusted Servers

This application setting determines whether AnyConnect blocks connections when it cannot identify the secure gateway.
This protection is ON by default and must not be turned OFF.

AnyConnect uses the certificate received from the server to verify its identity. If there is a certificate error due to an expired or invalid date, wrong key usage, or a name mismatch, the connection is blocked.

Set VPN FIPS Mode
VPN FIPS Mode makes use of Federal Information Processing Standards (FIPS) cryptography algorithms for all VPN connections.

  1. In the Cisco Secure Client-AnyConnect app, tap Settings.
  2. Tap FIPS Mode to enable this setting.

To meet the cryptographic requirements in the ST, FIPS mode must be enabled. Upon confirmation of your FIPS mode change, the app exits and must be manually restarted. Upon restart, your FIPS mode setting is in effect.

Strict Certificate Trust Mode

This setting configures the Cisco Secure Client-AnyConnect TOE to disallow a certificate of the head-end VPN Gateway that it cannot automatically verify.

  1. From the home window, tap Menu > Settings.
  2. Enable Strict Certificate Trust Mode.

Upon the next connection attempt, Strict Certificate Trust will be enabled.

Check Certificate Revocation

This setting controls whether the Cisco Secure Client-AnyConnect TOE will determine the revocation status of the certificate received from the head-end VPN Gateway. This setting must be ON and must not be turned OFF.

  1. From the AnyConnect home window, tap Menu > Settings.
  2. Enable Check Certificate Revocation to enable this setting.

Operational Guidance for the TOE

Establish a VPN Connection

Refer to the "Establish a VPN Connection" section of [3].

The Administrator should note the following PROTECT, BYPASS, and DISCARD rules regarding the use of IPsec in AnyConnect:

  • PROTECT
    Entries for PROTECT are configured through the remote access group policy on the ASA using ASDM. For PROTECT entries, the traffic flows through the IPsec VPN tunnel provided by the TOE. No configuration is required for the TOE to tunnel all traffic. The administrator can optionally set this behavior explicitly with this command in their Group Policy: split-tunnel-policy tunnelall
  • BYPASS
    The TOE supports BYPASS operations (when split tunneling has been explicitly permitted by the Remote Access policy). When split tunneling is enabled, the ASA VPN Gateway pushes a list of network segments to the TOE to PROTECT. All other traffic travels unprotected without involving the TOE, thus bypassing IPsec protection.
    Split tunneling is configured in a Network (Client) Access group policy. The administrator has the following options:
    Excludespecified: Exclude only networks specified by split-tunnel-network-list
    Tunnelspecified: Tunnel only networks specified by split-tunnel-network-list
    Refer to the "About Configuring Split Tunneling for AnyConnect Traffic" section in the VPN ASDM configuration guide and follow the steps provided in the "Configure Split-Tunneling for AnyConnect Traffic" section. After making changes to the group policy in ASDM, be sure the group policy is associated with a Connection Profile in Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles > Add/Edit > Group Policy. BYPASS SPD entries are provided by the host platform through implicit network traffic permit rules. No configuration is required on the TOE platform to allow it to pass this traffic.
  • DISCARD
    DISCARD rules are performed exclusively by the TOE platform. There is no administrative interface for specifying a DISCARD rule.

Monitor and Troubleshoot

Refer to the Monitor and Troubleshoot section of [3].

Exiting Cisco Secure Client-AnyConnect
Exiting the app terminates the current VPN connection and stops all TOE processes. Use this action sparingly. Other apps or processes on your device may be using the current VPN connection, and exiting the Cisco Secure Client-AnyConnect app may adversely affect their operation.

From the home window, tap Menu > Exit.

Cryptographic Support
The TOE provides cryptography in support of IPsec, with ESP symmetric cryptography for bulk AES encryption/decryption and the SHA-2 algorithm for hashing. In addition, the TOE provides the cryptography to support Diffie-Hellman key exchange and the derivation function used in the IKEv2 and ESP protocols. Instructions to configure the cryptographic functions are described in the "Procedures and Operational Guidance for IT Environment" section of this document.

Trusted Updates

This section provides instructions for securely accepting the TOE and any subsequent TOE updates. An "update" is a new version of the TOE.

TOE versioning can be queried by the user. From the home screen tap "About". Versioning can also be queried through the mobile platform:

  • iPhone: Open Settings and go to General > Usage. Under Storage, find Cisco Secure Client Any Connect and tap it. The version information will be displayed.

Updates to the Cisco Secure Client-AnyConnect TOE are managed through the Apple App Store using the procedure below.

Note: Before upgrading your device you must disconnect the VPN session if one is established, and close the application if it is open. If you fail to do this, a reboot of your device is required before using the new version of the Cisco Secure Client-AnyConnect TOE.

  1. Tap the App Store icon on the iOS home page.
  2. Tap the Cisco Secure Client-AnyConnect upgrade notice.
  3. Read about the new features.
  4. Click Update.
  5. Enter your Apple ID Password.
  6. Tap OK.

The update proceeds.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation.

To receive it directly on your desktop, you can subscribe to the What's New in Cisco Product Documentation RSS feed. The RSS feeds are a free service.

Contacting Cisco

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/office.
