Cisco ASA 5505 Configuration Manual page 1351

Chapter 64 General VPN Setup
•
•
•
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Using AnyConnect Client Profiles
The AnyConnect profile is an XML file deployed by the adaptive security appliance during client
installation and updates. The profile provides basic information about connection setup, as well as
advanced features such as Start Before Logon (SBL). Users cannot manage or modify profiles.
You can configure the adaptive security appliance to deploy profiles globally for all AnyConnect client
users, or based on the group policy of the user. Usually, a user has a single profile file. This profile
contains all the hosts needed by a user, and additional settings as needed. In some cases, you might want
OL-20339-01
Optional Client Modules to Download—To minimize download time, the AnyConnect client
requests downloads (from the adaptive security appliance) only of modules that it needs for each
feature that it supports. You must specify the names of modules that enable other features:
Enable the Start Before Logon (SBL) feature by checking vpngina. This enables the adaptive
–
security appliance to download a graphical identification and authentication (GINA) for the
AnyConnect client VPN connection.
Enable the Cisco Diagnostic AnyConnect Reporting Tool (DART) by checking dart. DART
–
captures a snapshot of system logs and other diagnostic information and creates a .zip file on
your desktop so you can conveniently send troubleshooting information to Cisco TAC. For this
keyword to have any effect, you must have installed the DART package on the adaptive security
appliance.
Always-On VPN—Determine if the always-on VPN flag setting in the AnyConnect service profile
is disabled or if the AnyConnect service profile setting should be used. The always-on VPN feature
lets AnyConnect automatically establish a VPN session after the user logs onto a computer. The
VPN session remains up until the user logs off the computer. If the physical connection is lost, the
session remains up, and AnyConnect continually attempts to reestablish the physical connection
with the adaptive security appliance to resume the VPN session.
Always-on VPN permits the enforcement of corporate policies to protect the device from security
threats. You can use it to help ensure AnyConnect establishes a VPN session whenever the endpoint
is not in a trusted network. If enabled, a policy is configured to determine how network connectivity
is managed in the absence of a connection.
Always-On VPN requires an AnyConnect release that supports AnyConnect Secure
Note
Mobility features. Refer to the Cisco AnyConnect VPN Client Administrator Guide for
additional information.
Client Profiles to Download—A profile is a group of configuration parameters that the AnyConnect
client uses to configure the connection entries that appear in the user interface, including the names
and addresses of host computers. Choose user as the Profile type.
Security Context
Transparent Single
— •
Configuring AnyConnect (SSL) VPN Client Connections
Multiple
Context System
— —
Cisco ASA 5500 Series Configuration Guide using ASDM
64-41