Cisco ASA 5505 Configuration Manual page 1552

Customizing the AnyConnect Client
•
For complete information about customizing the AnyConnect GUI and creating and deploying scripts,
see the AnyConnect VPN Client Administrators Guide.
The following sections describe how to import binary executables and scripts to the adaptive security
appliance:
Importing your own GUI as a Binary Executable, page 67-90
Importing Scripts, page 67-91
Importing your own GUI as a Binary Executable
For Windows, Linux, or Mac (PPP or Intel-based) computers, you can deploy your own client that uses
the AnyConnect client API. You replace the AnyConnect GUI or the AnyConnect CLI by replacing the
client binary files.
systems.
Table 67-11
Client OS
Windows
Linux
Mac
1. Not supported by adaptive security appliance deployment. However, you can deploy an
Your executable can call any resource files, such as logo images, that you import to the adaptive security
appliance (See
own executable, can use any filenames for your resource files.
We recommend that you sign your custom Windows client binaries (either GUI or CLI version) that you
import to the adaptive security appliance. A signed binary has a wider range of functionality available
to it. If the binaries are not signed the following functionality is affected:
•
•
•
Note The adaptive security appliance does not support this feature for the AnyConnect VPN client, Versions
2.0 and 2.1. For more information on manually customizing the client, see the AnyConnect VPN Client
Administrator Guide and the Release Notes for Cisco AnyConnect VPN Client.
Cisco ASA 5500 Series Configuration Guide using ASDM
67-88
Logging on to a service upon VPN connection, and logging off after disconnection.
Table 67-11
Filenames of Client Executables
Client GUI File
vpnui.exe
vpnui
Not supported
executable for the Mac that replaces the client GUI using other means, such as
Altiris Agent.
Table 67-11). Unlike replacing the pre-defined GUI components, when you deploy your
Web-Launch—The clientless portal is available and the user can authenticate. However, the
behavior surrounding tunnel establishment does not work as expected. Having an unsigned GUI on
the client results in the client not starting as part of the clientless connection attempt. And once it
detects this condition, it aborts the connection attempt.
SBL—The Start Before Logon feature requires that the client GUI used to prompt for user
credentials be signed. If it is not, the GUI does not start. Because SBL is not supported for the CLI
program, this affects only the GUI binary file.
Auto Upgrade—During the upgrade to a newer version of the client, the old GUI exits, and after the
new GUI installs, the new GUI starts. The new GUI does not start unless it is signed. As with
Web-launch, the VPN connection terminates if the GUI is not signed. However, the upgraded client
remains installed.
lists the filenames of the client executable files for the different operating
Client CLI File
vpncli.exe
vpn
1
vpn
Chapter 67 Clientless SSL VPN
OL-20339-01