Filter
Top Products
69-44
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Client Connections
• Optional Client Modules to Download—To minimize download time, the AnyConnect client
requests downloads (from the ASA) only of modules that it needs for each feature that it supports.
You must specify the names of modules that enable other features. The AnyConnect client, version
3.0, includes the following modules (previous versions have fewer modules):
–
AnyConnect DART—The Diagnostic AnyConnect Reporting Tool (DART) captures a snapshot
of system logs and other diagnostic information and creates a .zip file on your desktop so you
can conveniently send troubleshooting information to Cisco TAC.
–
AnyConnect Network Access Manager—Formerly called the Cisco Secure Services Client, this
module provides 802.1X (Layer 2) and device authentication for access to both wired and
wireless network is integrated into AnyConnect 3.0.
–
AnyConnect SBL—Start Before Logon (SBL) forces the user to connect to the enterprise
infrastructure over a VPN connection before logging on to Windows by starting AnyConnect
before the Windows login dialog box appears.
–
AnyConnect Web Security Module—Formerly called ScanSafe Hostscan, this module is
integrated into the AnyConnect 3.0.
–
AnyConnect Telemetry Module—Sends information about the origin of malicious content to the
web filtering infrastructure of the Cisco IronPort Web Security Appliance (WSA), which uses
this data to provide better URL filtering rules.
–
AnyConnect Posture Module—Formerly called the Cisco Secure Desktop HostScan feature, the
posture module is integrated into AnyConnect 3.0 and provides AnyConnect the ability to
gather credentials for posture assessment prior to creating a remote access connection to the
ASA.
• Always-On VPN—Determine if the always-on VPN flag setting in the AnyConnect service profile
is disabled or if the AnyConnect service profile setting should be used. The always-on VPN feature
lets AnyConnnect automatically establish a VPN session after the user logs onto a computer. The
VPN session remains up until the user logs off the computer. If the physical connection is lost, the
session remains up, and AnyConnect continually attempts to reestablish the physical connection
with the adaptive security appliance to resume the VPN session.
Always-on VPN permits the enforcement of corporate policies to protect the device from security
threats. You can use it to help ensure AnyConnect establishes a VPN session whenever the endpoint
is not in a trusted network. If enabled, a policy is configured to determine how network connectivity
is managed in the absence of a connection.
Note Always-On VPN requires an AnyConnect release that supports AnyConnect Secure
Mobility features. Refer to the Cisco AnyConnect VPN Client Administrator Guide for
additional information.
• Client Profiles to Download—A profile is a group of configuration parameters that the AnyConnect
client uses to configure VPN, Network Access Manager, web security, and telemetry settings. Click
Add to launch the Select Anyconnect Client Profiles window where you can specify
previously-created profiles for this group policy.
Modes
The following table shows the modes in which this feature is available: