Before You Install The Anyconnect Client; Ensuring Automatic Installation Of Anyconnect Clients - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Before You Install the AnyConnect Client

The AnyConnect client can be downloaded from the security appliance, or it can be installed manually
on the remote PC by the system administrator. This document contains information about how to
configure the features of the AnyConnect client. For more detailed information about configuring the
AnyConnect client and other SSL VPN connections on the security appliance, see "Configuring SSL
VPN Connections" in Cisco Security Appliance Command Line Configuration Guide. For detailed
descriptions of the commands referred to in this administrator's guide, see the Cisco ASA 5500
Command Reference Guide for version 8.0 or later.
The security appliance loads the client based on the group policy or username attributes of the user
establishing the connection. You can configure the security appliance to automatically download the
client, or you can configure it to prompt the remote user about whether to download the client. In the
latter case, if the user does not respond, you can configure the security appliance to either download the
client after a timeout period or present the portal page.
When using Start Before Logon, the VPN Gina (VPN Graphical Identification and Authentication) a
Note
cannot be installed dynamically if the AnyConnect client is installed manually. The VPN Gina can be
installed either before or after the AnyConnect client, but they must either be both installed manually or
both installed dynamically (CSCsh38590).
This section describes installation-specific issues and procedures for the AnyConnect client Release
2.0(1), and contains the following sections:
•
•
•
Before You Install the AnyConnect Client
The following sections contain recommendations to ensure successful AnyConnect client installation, as
well as tips about certificates, Cisco Security Agent (CSA), adding trusted sites, and responding to
browser alerts:
•
•
•
•

Ensuring Automatic Installation of AnyConnect Clients

The following recommendations and caveats apply to the automatic installation of AnyConnect client
software on client PCs:
•
Cisco AnyConnect VPN Client Administrator Guide
2-2
Before You Install the AnyConnect Client, page 2-2
Installing the AnyConnect Client on a User's PC, page 2-8
Installing the AnyConnect Client on a User's PC, page 2-8
Ensuring Automatic Installation of AnyConnect Clients, page 2-2
AnyConnect Client and New Windows Installations, page 2-3
Adding a Security Appliance to the List of Trusted Sites (Internet Explorer), page 2-3
Adding a Security Certificate in Response to Browser Security Alert Windows, page 2-4
To minimize user prompts during AnyConnect client setup, make sure certificate data on client PCs
and on the security appliance match:
– If you are using a Certificate Authority (CA) for certificates on the security appliance, choose
one that is already configured as a trusted CA on client machines.
– If you are using a self-signed certificate on the security appliance, be sure to install it as a trusted
root certificate on clients.
Chapter 2 Common AnyConnect VPN Client Installation and Configuration Procedures
OL-12950-012