ADC CLI Commands

vpn-alwaysONProfile

The following operations can be performed on “vpn-alwaysONProfile”:

rm show set unset add

rm vpn alwaysONProfile

Removes a previously created AlwaysON device profile.

Synopsis

rm vpn alwaysONProfile

Arguments

name Name of AlwaysON profile to remove

show vpn alwaysONProfile

Displays information on AlwaysON profile

Synopsis

show vpn alwaysONProfile []

Arguments

name name of AlwaysON profile.

Output

networkAccessOnVPNFailure Option to block network traffic when tunnel is not established(and the config requires that tunnel be established). When set to onlyToGateway, the network traffic to and from the client (except Gateway IP) is blocked. When set to fullAccess, the network traffic is not blocked

clientControl Allow/Deny user to log off and connect to another Gateway

locationBasedVPN Option to decide if tunnel should be established when in enterprise network. When locationBasedVPN is remote, client tries to detect if it is located in enterprise network or not and establishes the tunnel if not in enterprise network. Dns suffixes configured using -add dns suffix- are used to decide if the client is in the enterprise network or not. If the resolution of the DNS suffix results in private IP, client is said to be in enterprise network. When set to EveryWhere, the client skips the check to detect if it is on the enterprise network and tries to establish the tunnel

devno count stateflag

Example

show vpn alwaysONProfile AP1

set vpn alwaysONProfile

Modifies the specified parameters for AlwaysON profile.

Synopsis

set vpn alwaysONProfile \[-networkAccessOnVPNFailure \( onlyToGateway | fullAccess )] \[-clientControl \( ALLOW | DENY )] \[-locationBasedVPN \( Remote | Everywhere )]

Arguments

name Name for the AlwaysON profile

networkAccessOnVPNFailure Option to block network traffic when tunnel is not established(and the config requires that tunnel be established). When set to onlyToGateway, the network traffic to and from the client (except Gateway IP) is blocked. When set to fullAccess, the network traffic is not blocked

Possible values: onlyToGateway, fullAccess Default value: fullAccess,

clientControl Allow/Deny user to log off and connect to another Gateway

Possible values: ALLOW, DENY Default value: DENY

locationBasedVPN Option to decide if tunnel should be established when in enterprise network. When locationBasedVPN is remote, client tries to detect if it is located in enterprise network or not and establishes the tunnel if not in enterprise network. Dns suffixes configured using -add dns suffix- are used to decide if the client is in the enterprise network or not. If the resolution of the DNS suffix results in private IP, client is said to be in enterprise network. When set to EveryWhere, the client skips the check to detect if it is on the enterprise network and tries to establish the tunnel

Possible values: Remote, Everywhere Default value: Remote

unset vpn alwaysONProfile

Use this command to remove vpn alwaysONProfile settings.Refer to the set vpn alwaysONProfile command for meanings of the arguments.

Synopsis

unset vpn alwaysONProfile [-networkAccessOnVPNFailure] [-clientControl] [-locationBasedVPN]

add vpn alwaysONProfile

Creates an AlwaysON profile

Synopsis

add vpn alwaysONProfile \[-networkAccessOnVPNFailure \( onlyToGateway | fullAccess )] \[-clientControl \( ALLOW | DENY )] \[-locationBasedVPN \( Remote | Everywhere )]

Arguments

name name of AlwaysON profile

networkAccessOnVPNFailure Option to block network traffic when tunnel is not established(and the config requires that tunnel be established). When set to onlyToGateway, the network traffic to and from the client (except Gateway IP) is blocked. When set to fullAccess, the network traffic is not blocked

Possible values: onlyToGateway, fullAccess Default value: fullAccess,

clientControl Allow/Deny user to log off and connect to another Gateway

Possible values: ALLOW, DENY Default value: DENY

locationBasedVPN Option to decide if tunnel should be established when in enterprise network. When locationBasedVPN is remote, client tries to detect if it is located in enterprise network or not and establishes the tunnel if not in enterprise network. Dns suffixes configured using -add dns suffix- are used to decide if the client is in the enterprise network or not. If the resolution of the DNS suffix results in private IP, client is said to be in enterprise network. When set to EveryWhere, the client skips the check to detect if it is on the enterprise network and tries to establish the tunnel

Possible values: Remote, Everywhere Default value: Remote

vpn-alwaysONProfile