User Manual
Page 1
... appears. 6. Initial Configuration Considerations." Step 3 Connect Power over ETHERNET 6 5 4 3 2 Cisco ASA 5505 1 0 CONSOLE 1 2 RESET Power supply adapter Blue console cable Power cable (US shown) ProCdiFuscicrteoCwADaSllA 5505 Documentation Yellow Ethernet cable GQCuuisiidccoke SAtSaArt 5505 2. LINK/ACT Indicator Power Indicator LINK/ACT Power Status Active VPN SSC 100 MBPS 0 0 0 0 0 0 0 0 Cisco ASA 5505 series 0 Adaptive Security Appliance If a LINK/ACT LED is...
User Manual
Page 2
... 10% postconsumer waste. 78-19752-02 QUICK START GUIDE Cisco ASA 5505 Adaptive Security Appliance and other company. (1110R) © 2011 Cisco Systems, Inc. To view a list of the following wizards: • Site-to-Site VPN Wizard-Creates an IPsec site-to remote users when they ...can run on a group basis. Step 1 In the main ASDM window, choose Configuration > Firewall > Public Servers. The Startup Wizard appears. The Public Server pane appears. San Jose, CA Asia Pacific Headquarters Cisco Systems (USA) Pte. Addresses, phone numbers, and fax numbers are the property of...
Administration Guide
Page 1
Cisco AnyConnect VPN Client Administrator Guide Version 2.0 Updated May 12, 2010 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Customer Order Number: OL-12950-012
Administration Guide
Page 2
...CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event...coincidental. CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, ...
Administration Guide
Page 3
...10 Introduction 1 AnyConnect Client Features 1 Remote User Interface 2 Getting and Installing the Files You Need 7 CSA Interoperability with the AnyConnect Client and Cisco Secure Desktop 7 Common AnyConnect VPN Client Installation and Configuration Procedures 1 Installing the AnyConnect Client 1 Before You Install the AnyConnect Client 2 Ensuring Automatic Installation of AnyConnect Clients 2 ... PC Running Windows 8 Installing the AnyConnect Client on a PC Running Linux 9 Installing the AnyConnect Client on a PC Running MAC OSX 9 OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 3
Administration Guide
Page 4
... 11 Enabling AnyConnect Rekey 12 Enabling and Adjusting Dead Peer Detection 14 Configuring the Dynamic Access Policies Feature of the Security Appliance 15 Cisco Secure Desktop Support 15 6 C H A P T E R Configuring AnyConnect Features Using CLI 1 Enabling Datagram Transport Layer Security ... 5 Using Compression 5 Configuring the Dynamic Access Policies Feature of the Security Appliance 6 Cisco Secure Desktop Support 6 Enabling AnyConnect Rekey 6 Enabling and Adjusting Dead Peer Detection 7 Enabling AnyConnect Keepalives 8 Cisco AnyConnect VPN Client Administrator Guide 4 OL-12950-012
Administration Guide
Page 5
... Table Using ASDM 6 Import/Export Language Localization 7 Creating or Modifying a Translation Table Using CLI 8 Monitoring and Maintaining the AnyConnect Client 1 Viewing AnyConnect Client and SSL VPN Sessions 1 Adjusting MTU Size Using ASDM 2 Adjusting MTU Size Using CLI 2 Logging Off AnyConnect Client Sessions 3 Updating AnyConnect Client and SSL...
Administration Guide
Page 6
Contents B A P P E N D I X INDEX Sample AnyConnect Profile Schema 3 Using Microsoft Active Directory to Add the Security Appliance to the List of Internet Explorer Trusted Sites for Domain Users 1 Cisco AnyConnect VPN Client Administrator Guide 6 OL-12950-012
Administration Guide
Page 7
... the following tasks: • Manage network security • Install and configure security appliances • Configure VPNs OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 7 The PIX family of this guide, the term "security appliance" applies generically to the Cisco ASA 5500 series security appliances (ASA 5505 and higher). ASDM includes configuration wizards to guide you configure the...
Administration Guide
Page 8
... command-line interface to the following documentation: • Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide • Cisco ASA 5500 Series Release Notes • Cisco ASDM Release Notes • Cisco ASDM Online Help • Release Notes for Cisco AnyConnect VPN Client, Release 2.0 • Cisco Security Appliance Command Reference • Cisco Security Appliance Logging Configuration and System Log Messages...
Administration Guide
Page 9
...alternative, mutually exclusive elements. • Right-pointing angle brackets (>) indicate a sequence in italic screen font. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 9 Notes contain helpful suggestions or references to material not covered in Internet Explorer. Examples use these conventions:... can push to remote users a group policy that adds the security appliance to the list of the Cisco AnyConnect VPN Client. About This Guide Document Conventions Table 1 Document Organization (continued) Chapter/Appendix Definition Chapter 8, "Customizing...
Administration Guide
Page 10
This product includes cryptographic software written by Tim Hudson ([email protected]). Cisco AnyConnect VPN Client Administrator Guide 10 OL-12950-012 This product includes software written by Eric Young ([email protected]). Obtaining Documentation,... providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Licensing This product includes ...
Administration Guide
Page 11
..., Windows XP and Windows 2000, Mac OS X (Version 10.4 or later) on the security appliance. See the Release Notes for getting the Cisco AnyConnect VPN Client up and running ASA version 8.0 and higher or ASDM 6.0 and higher. As the network administrator, you can assign particular features to individual users or groups. Then, you...
Administration Guide
Page 12
...and endpoint security for Windows 2000 and Windows XP. • Rekey-Specifies that SSL renegotiation takes place during rekey. Note The Cisco AnyConnect VPN Client can optionally configure a banner message to appear on the client user interface. • Dynamic Access Policies feature of the ... login scripts, password caching, drive mapping, and more, for Windows. • Certificate-only authentication-Allows users to connect with the IPSec Cisco VPN Client, but they disconnect. Compression works only for TLS. • Fallback from DTLS to TLS-Provides a way of falling back from DTLS...
Administration Guide
Page 13
OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 1-3 When you might see the dialog box shown in Figure 1-2. Figure 1-2 Security Alert Dialog Box Note Note: Most users (those with correct certificate deployments) do not have certificates set up, you see this dialog box. Chapter 1 Introduction Remote User Interface Figure 1-1 Cisco AnyConnect VPN Client User Interface, Connection Tab If you do not see this dialog box, click Yes to connect. Table 1-1 shows the circumstances and results when the Security Alert dialog box appears.
Administration Guide
Page 14
... a given security appliance. For detailed information and examples of the server certificate is not prompted on the first connection attempt to the same security appliance. Cisco AnyConnect VPN Client Administrator Guide 1-4 OL-12950-012 Remote User Interface Chapter 1 Introduction Table 1-1 Certificate, Security Alert, and Connection Status Certificate Status Does Security Alert Appear...
Administration Guide
Page 15
...the duration of the connection, the number of bytes and frames sent and received, address information, transport information, and Cisco Secure Desktop posture assessment status. The AnyConnect client prompts you export the current statistics, interface, and routing table to a... text file. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 1-5 The Reset button on the desktop. Figure 1-3 Cisco AnyConnect VPN Client User Interface, Statistics Tab Clicking the Details tab shows Statistics Details window (Figure ...
Administration Guide
Page 16
...The About tab (Figure 1-6) shows version, copyright, and documentary information about the Cisco AnyConnect Client. Cisco AnyConnect VPN Client Administrator Guide 1-6 OL-12950-012 Figure 1-5 Cisco AnyConnect VPN Client User Interface, Statistics Tab, Route Details Tab Note A Secured Routes entry ...destination 0.0.0.0 and the subnet mask 0.0.0.0 means that all traffic is tunneled. Remote User Interface Chapter 1 Introduction Figure 1-4 Cisco AnyConnect VPN Client User Interface, Statistics Tab, Statistics Details Tab Clicking the Route Details tab (Figure 1-5) shows the secured and ...
Administration Guide
Page 17
...CSA) installed, you must import new CSA policies to the remote users to enable the AnyConnect VPN Client and Cisco Secure Desktop to create user profiles as XML files. Cisco Secure Desktop does not support secure desktop on Windows 2000 and Windows XP operating systems. Note ...The Windows Vista version of AnyConnect (32- Chapter 1 Introduction Getting and Installing the Files You Need Figure 1-6 Cisco AnyConnect VPN Client User Interface, About Tab Getting and Installing the Files You Need The latest Release Notes document contains the system requirements and ...
Administration Guide
Page 18
...export files work for the ASA 5500 Series Adaptive Security Appliance at http://www.cisco.com/cgi-bin/tablebuild.pl/asa. The 5.x export files are AnyConnect-CSA.zip and CSD-for the AnyConnect client and Cisco Secure Desktop. Import the... file using the Maintenance > Export/Import tab on the CSA Management Center. For more information, see the CSA document Using Management Center for CSA Versions 5.0 and 5.1. Cisco AnyConnect VPN...