User Guide

Cisco AnyConnect Secure Mobility Solution Guide
Configuring AnyConnect Secure Mobility
3. Load the AnyConnect Secure Mobility client package Release 2.5 or later
onto the adaptive security appliance.
4. Using ASDM, configure the adaptive security appliance to support Network
(Client) Access as usual.
5. In ASDM, consider configuring the VPN profile to be always on. You might
want to configure this feature for when the user is in an untrusted network.
When you configure the VPN profile to be always on, you must also enable
Trusted Network Detection (TND).

The always on feature lets AnyConnect automatically establish a VPN
session after the user logs onto a computer. The VPN session remains up until
the user logs off of the computer. If the physical connection is lost, the session
remains up, and AnyConnect continually attempts to reestablish the physical
connection with the adaptive security appliance to resume the VPN session.

TND gives you the ability to have AnyConnect automatically disconnect a
VPN connection when the user is inside the corporate network (the trusted
network) and start the VPN connection when the user is outside the corporate
network (the untrusted network).
6. When you configure always-on VPN, you can optionally choose to enable any
of the following options that affect the mobile user's experience:

- Connect Failure Policy. When AnyConnect fails to initiate or maintain
  a VPN session in accordance with the always on feature, the connect
  failure policy determines whether the user can establish network
  connectivity using a service or domain that is not configured as trusted.
  You can configure the VPN profile to fail open or fail closed.
- Allow Captive Portal Remediation. This is the process of satisfying the
  requirements of a captive portal hot spot to obtain network access. When
  a facility offering Internet access requires users to accept terms and
  conditions before gaining access, users enter a captive portal
  environment. By default, captive portals prevent AnyConnect from
  connecting to the VPN. You might want to enable Allow Captive Portal
  Remediation to give users a few minutes to satisfy the terms and
  conditions to gain access, thus allowing AnyConnect to connect to the
  VPN.
- Apply Last VPN Local Resource Rules. When the Connect Failure
  Policy is set to fail closed, this feature allows users to print locally and
  synchronize tethered devices. To allow that, you must also configure the
  appropriate firewall rules.
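
The dependencies between the settings in steps 5 and 6 can be checked in an exported client profile before it is deployed. The following script is an added example, not part of the Cisco guide; the element names are assumed to match the AnyConnect client profile XML that ASDM writes, and the sample profile is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the guide). Element names are assumed to match
# the AnyConnect client profile XML that ASDM writes; verify against your own.
SAMPLE_PROFILE = """<ClientInitialization>
  <AutomaticVPNPolicy>false
    <AlwaysOn>true
      <ConnectFailurePolicy>Open
        <AllowCaptivePortalRemediation>false</AllowCaptivePortalRemediation>
        <ApplyLastVPNLocalResourceRules>true</ApplyLastVPNLocalResourceRules>
      </ConnectFailurePolicy>
    </AlwaysOn>
  </AutomaticVPNPolicy>
</ClientInitialization>"""

def _value(root, tag):
    """Own text of the first element named tag, lowercased ('' if absent)."""
    for elem in root.iter():
        if elem.tag.split("}")[-1] == tag:      # ignore any XML namespace
            return (elem.text or "").strip().lower()
    return ""

def audit_always_on(profile_xml):
    """Check the always-on settings against the dependencies in steps 5 and 6."""
    root = ET.fromstring(profile_xml)
    findings = []
    if _value(root, "AlwaysOn") != "true":
        return ["always-on is disabled; nothing further to check"]
    if _value(root, "AutomaticVPNPolicy") != "true":
        findings.append("always-on requires Trusted Network Detection, which is off")
    policy = _value(root, "ConnectFailurePolicy")
    if policy == "open":
        findings.append("fail open: untrusted networks stay reachable when the VPN is down")
        if _value(root, "ApplyLastVPNLocalResourceRules") == "true":
            findings.append("Apply Last VPN Local Resource Rules only applies to fail closed")
    elif policy == "closed":
        if _value(root, "AllowCaptivePortalRemediation") != "true":
            findings.append("fail closed without captive portal remediation: "
                            "hot spot users cannot reach the VPN")
    else:
        findings.append("connect failure policy is not set to Open or Closed")
    return findings

if __name__ == "__main__":
    for finding in audit_always_on(SAMPLE_PROFILE):
        print("-", finding)
```

An empty list means the profile satisfies the dependencies the steps describe; it does not verify the firewall rules that Apply Last VPN Local Resource Rules relies on.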