Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
72-136
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 72 Configuring Clientless SSL VPN
Customizing the AnyConnect Client
Writing, Testing, and Deploying Scripts
Deploy AnyConnect scripts as follows:
Restrictions
Scripts written on Microsoft Windows computers have different line endings than scripts written on
Mac OS and Linux. Therefore, you should write and test the script on the targeted OS. If a script
cannot run properly from the command line on the native OS, AnyConnect cannot run it properly
either.
Microsoft Windows Mobile does not support this option. You must deploy scripts using the manual
method for this OS.
Step 1 Write and test the script using the OS type on which it will run when AnyConnect launches it.
Step 2 To import a script, go to Network (Client) Access > AnyConnect Customization/Localization >
Script. The Customization Scripts pane displays.
Step 3 Enter a name for the script. Be sure to specify the correct extension with the name. For example,
myscript.bat.
Step 4 Choose a script action: Script runs when client connects or Script runs when client disconnects.
AnyConnect adds the prefix scripts_ and the prefix OnConnect or OnDisconnect to your filename to
identify the file as a script on the ASA. When the client connects, the ASA downloads the script to the
proper target directory on the remote computer, removing the scripts_ prefix and leaving the remaining
OnConnect or OnDisconnect prefix. For example, if you import the script myscript.bat, the script
appears on the ASA as scripts_OnConnect_myscript.bat. On the remote computer, the script appears as
OnConnect_myscript.bat.
To ensure the scripts run reliably, configure all ASAs to deploy the same scripts. If you want to modify
or replace a script, use the same name as the previous version and assign the replacement script to all of
the ASAs that the users might connect to. When the user connects, the new script overwrites the one with
the same name.
Step 5 Select a file as the source of the script. The name does not need to be the same as the name you provided
for the script. ASDM imports the file from any source file, creating the new name you specify for Name
in Step 3.
Table 72-16 shows the locations of scripts on the remote computer:
Step 6 Click Import to launch the Import AnyConnect Customization Objects dialog, where you can specify a
file to import as an object.
Table 72-16 Required Script Locations
OS Directory
Microsoft Windows 7 and Vista %ALLUSERPROFILE%\Cisco\Cisco AnyConnect VPN Client\Scripts
Microsoft Windows XP %ALLUSERPROFILE%\Application Data\Cisco\Cisco AnyConnect VPN Client\
Scripts
Linux /opt/cisco/vpn/scripts
Note Assign execute permissions to the file for User, Group and Other.
Mac OS X /opt/cisco/vpn/scripts
Windows Mobile %PROGRAMFILES%\Cisco AnyConnect VPN Client\Scripts