Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
69-45
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Client Connections
Using AnyConnect Client Profiles
You enable Cisco AnyConnect Secure Mobility client features in the AnyConnect profiles—XML files
that contain configuration settings for the core client with its VPN functionality and for the optional
client modules Network Access Manager, telemetry, and web security. The ASA deploys the profiles
during AnyConnect installation and updates. Users cannot manage or modify profiles.
You can configure a profile using the AnyConnect profile editor, a convenient GUI-based configuration
tool launched from ASDM. The AnyConnect software package, version 2.5 and later (for all OSs),
includes the editor, which activates when you load the AnyConnect package on the ASA as an
AnyConnect client image. Alternatively, you can manually edit the XML file and import the file to the
ASA as a profile.
You can configure the ASA to deploy profiles globally for all AnyConnect users or to users based on
their group policy. Usually, a user has a single profile file for each AnyConnect module installed. In
some cases, you might want to provide more than one profile for a user. Someone who works from
multiple locations might need more than one profile. Be aware that some of the profile settings (such as
SBL) control the connection experience at a global level. Other settings are unique to a particular host
and depend on the host selected.
Some profile settings are stored locally on the user computer in a user preferences file or a global
preferences file. The user file has information the client needs to display user-controllable settings in the
Preferences tab of the client GUI and information about the last connection, such as the user, the group,
and the host. The global file has information about user-controllable settings to be able to apply those
settings before login (since there is no user). For example, the client needs to know if Start Before Logon
and/or AutoConnect On Start are enabled before login. For more information about creating and
deploying AnyConnect client profiles and controlling client features, see the AnyConnect VPN Client
Administrator Guide.
Fields
Add—Displays the Add AnyConnect Client Profiles dialog box, where you can specify a file in flash
memory as a profile, or where you can browse flash memory for a file to specify as a profile. You can
also upload a file from a local computer to the flash memory.
Edit—Displays the Edit SSL VPN Client Profile window, where you can change the settings contained
in the profile for AnyConnect client features.
Delete—Deletes a profile from the table. This does not delete the XML file from flash.
AnyConnect Client Profiles Table—Displays the XML files specified as AnyConnect client profiles:
Profile Name—The name of the profile specified when the profile was added.
Profile Usage/Type—Displays the use for this profile, such as VPN, Network Access Manager, or
telemetry.
Specifying an AnyConnect Client Profile
Specify an AnyConnect client profile for this group policy.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——