Cisco AnyConnect 4.1 : 2014 05 04
: 2015 05 22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
2015 Cisco Systems, Inc. All rights reserved.
AnyConnect 1
AnyConnect 1
AnyConnect 2
AnyConnect 2
Windows ASA Internet Explorer 3
Internet Explorer 3
AnyConnectWindows RDP 4
Windows DES SSL 6
AnyConnect 6
AnyConnect 7
AnyConnect 8
AnyConnect 9
Windows SMS 9
10
10
Windows 11
ISO AnyConnect 11
AnyConnect ISO 11
SMS AnyConnect 12
WindowsMSI 12
Windows 14
Windows AnyConnect 14
Mac OS X 15
Mac OS X AnyConnect 15
Mac OS X 15
Mac OS X 16
Linux 16
Cisco AnyConnect 4.1 iii
Linux 16
Linux 17
Firefox 17
Linux DART 18
AnyConnect 18
ASA 19
WebLaunch 19
AnyConnect 20
ASA AnyConnect 20
AnyConnect 20
ASDM 21
ISE 21
AnyConnect ISE 22
ISE AnyConnect 23
AnyConnect 24
AnyConnect 25
WebLaunch AnyConnect 26
26
ASA 26
ISE 27
GUI 28
28
28
29
29
30
31
AnyConnect 32
32
AnyConnect VPN 32
AnyConnect 35
AnyConnect 35
35
(Windows) 36
Windows 36
AnyConnectWindows 37
38
AnyConnect 39
AnyConnect 40
40
(Mac OSX) 42
ACTransforms.xmlMac OS X 42
42
(Linux) 43
ACTransform.xml Linux 43
AnyConnect GUI 43
AnyConnect 45
47
47
ASA 48
Windows 49
AnyConnect GUI 49
AnyConnect GUI 50
Windows AnyConnect 51
Linux AnyConnect 54
Mac OS X AnyConnect 56
AnyConnect 57
58
59
AnyConnect 61
61
AnyConnect API 62
AnyConnect ISE 63
AnyConnect 63
AnyConnect 64
AnyConnect 67
67
AnyConnect 67
ASDM 68
68
AnyConnect 69
70
AnyConnect VPN 70
AnyConnect 1 71
AnyConnect 2 73
AnyConnect 77
AnyConnect 77
AnyConnect 80
AnyConnect 81
AnyConnect 82
AnyConnect/ 82
AnyConnect 84
84
87
MST 87
FIPS 88
VPN 91
VPN 91
AnyConnect VPN 91
VPN 93
Windows VPN 94
94
95
95
AnyConnect 95
AnyConnect SBL 96
97
AnyConnect VPN 97
Windows (PLAP) 97
PLAP 98
PLAPWindows PC 98
PLAP AnyConnect 99
VPN 99
100
100
100
101
VPN 102
VPN 102
VPN 103
VPN 103
VPN 104
AnyConnect VPN 104
104
VPN 105
106
106
106
107
108
108
108
109
L2TP PPTP AnyConnect 109
PPP 110
AnyConnect 111
AnyConnect 111
AnyConnect 112
112
112
112
Windows 113
Mac 113
Linux 113
113
114
Internet Explorer Connections 114
115
VPN 115
IPv4 IPv6 VPN 115
116
116
DNS 116
DNS 116
DNS 116
AnyConnect DNS 117
DNS 117
VPN 118
118
118
118
119
122
122
SCEP 123
SCEP 123
124
124
SCEP 125
SCEP VPN 125
ASA SCEP 125
SCEP 126
SCEP VPN 126
ASA SCEP 127
SCEPWindows 2008 127
SCEP 127
SCEP 128
129
129
Windows 130
Windows 131
Mac Linux PEM 132
133
133
133
134
134
SDI (SoftID) VPN 136
SDI 137
SDI RADIUS SDI 138
ASA RADIUS/SDI 139
141
141
B FIPS 142
142
143
143
144
(Client Policy) 144
(Authentication Policy) 146
(Networks) 147
(Networks)(Media Type) 148
(Networks)(Security Level) 149
149
802.1X Settings 149
Security 150
Port Authentication Exception Policy 151
151
151
152
NetworksNetwork Connection Type 153
NetworksUser or Machine Authentication 153
EAP 154
EAP-GTC 154
EAP-TLS 155
EAP-TTLS 155
EAP-TTLS 156
PEAP 157
PEAP 158
EAP-FAST 158
EAP-FAST 159
LEAP 160
160
160
163
164
Network Groups 165
167
ISE 168
168
168
169
170
VLAN 170
AnyConnect ISE 171
ISE 171
173
173
173
OPSWAT 174
ASA 174
HostScan 174
175
175
175
HostScan 176
176
DAP BIOS 176
BIOS DAP 177
BIOS 177
ASA HostScan 177
ISE 177
179
181
181
182
182
183
183
184
185
HTTP(S) 185
Windows Internet 186
187
187
188
188
189
190
191
192
193
KDF 194
194
/ 195
DNS 195
196
196
196
196
196
DART 197
ASDM 197
197
198
198
Cisco AnyConnect 199
Windows 199
Mac OS X 200
200
AMP 201
AMP 201
AMP 201
AMP 202
AMP 202
FIPS 203
FIPSNGE AnyConnect 203
AnyConnect FIPS 204
AnyConnect FIPS 204
AnyConnect FIPS 205
AnyConnect FIPS 205
AnyConnect VPN FIPS 206
AnyConnect VPN FIPS 206
Windows FIPS 206
FIPS 207
FIPS 207
FIPS 208
Cisco AnyConnect 209
209
AnyConnect 211
AnyConnect 211
AnyConnect VPN 211
AnyConnect VPN 212
212
212
213
214
FIPS B 215
Windows Phone AnyConnect 216
Windows 10Windows Phone 8.1 AnyConnect 216
ASA VPN 216
AnyConnect VPN 218
AnyConnect 218
Anyconnect 220
AnyConnect 223
223
223
DART 224
225
Systeminfo 225
225
AnyConnect 225
AnyConnect 226
AnyConnect 226
AnyConnect 227
VPN 228
VPN 228
229
VPNMicrosoft Windows 229
VPN 230
230
VPNVA.sys 230
vpnagent.exe 230
/ 231
231
AnyConnect 231
.log .dmp 231
vpndownloader AnyConnect (LSP) NOD32
AV 232
AT&T 232
232
Microsoft Internet Explorer 232
(Certified by an Unknown Authority) 232
232
233
Juniper Odyssey 233
Odyssey 233
ASA (Kaspersky AV Workstation 6.x) 234
UDP DTLS (McAfee Firewall 5) 234
Microsoft 234
/ 234
234
AnyConnect (Wave EMBASSY Trust Suite) 234
235
Bonjour 235
TUNOpenVPN 235
WinsockLSP 2 235
LSP 3 235
SSL 235
DPDEVDO Venturi 236
DTLSDSL 236
NETINTERFACE_ERRORCheckPoint Kaspersky 236
236
237
1 AnyConnect
AnyConnect 1
AnyConnect 2
AnyConnect 6
AnyConnect 18
AnyConnect 24
AnyConnect 32
AnyConnect AnyConnect AnyConnect
Cisco AnyConnect
- (SMS)
- AnyConnectASA ISE ASA ISEAnyConnect
AnyConnect
AnyConnectAnyConnectASA
AnyConnect VPN
ASAIOSMicrosoft WindowsLinuxMac OS X Cisco AnyConnect 4.1
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/release/notes/b_Release_Notes_AnyConnect_4_1.html
AnyConnect
AnyConnect ISE 1.3 ASA
ASA - ASA AnyConnectAnyConnectASA AnyConnectAnyConnect VPN
ISE 1.3 - (NAD) ASANAD ISEAnyConnect VPN
AnyConnect
(SMS)Windows
-AnyConnectWindows ISOMac OS X DMG Linux gzip
AnyConnecthttp://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/products-feature-guides-list.html
AnyConnect
AnyConnect
AnyConnect AnyConnect
AnyConnect
AnyConnect
AnyConnect ISE (OPSWAT)
AnyConnect
AnyConnect 3G AnyConnectVZAccess Manager
(LAN adapter auto connect)NDISNDIS VZAccess VZAccess
AnyConnect AnyConnect
http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/products-feature-guides-list.html
AnyConnectAnyConnect3G AnyConnect
WiFiAnyConnect
Windows ASA Internet Explorer Active Directory ASA Internet Explorer Internet Explorer
1 Windows
2 Active DirectoryMMC
3 Properties
4 Group Policy New
5 Enter
6 Properties Security Allow Read Apply Group Policy OK
7 Edit User Configuration > Windows Settings > Internet Explorer Maintenance > Security
8 Security Zones and Content Ratings Properties
9 Import the current security zones and privacy settings Continue
10 Modify Settings Trusted Sites Sites
11 URL Add
(https://vpn.mycompany.com) IP (https://192.168.1.100) (https://vpn.mycompany.com) (https://*.mycompany.com)
12 Close OK
13
14 Internet OK
Internet Explorer AnyConnectInternet Explorer Tools > Internet Options > Connections
ASA Connections
AnyConnect Windows ASA Internet Explorer
ASA
Windows Connections ASA
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > Group Policies
2 Edit Add
3 Advanced > Browser Proxy Proxy Server Policy
4 Proxy Lockdown
5 Inherit
Yes AnyConnect Internet Explorer Connections
No AnyConnect Internet Explorer Connections
6 OK
7 Apply
AnyConnect Windows RDP AnyConnectWindows RDP VPN RDP Cisco AnyConnect VPN RDPVPN VPN
AnyConnect AnyConnect Windows RDP
SBL
Single Local Logon- VPN
PC VPN VPN
VPN VPNPCVPN
VPN
Single Logon - VPN
VPN VPN VPN VPN VPN
Windows LogonEnforcement
Local Users Only-VPNAnyConnect
AllowRemoteUsers -VPN VPN VPN PC
VPNVPN 90
Windows VPNEstablishment
VPN AnyConnect VPN
Windows DES SSL Windows DES SSL ASA DESAnyConnect DES ASA DES SSL
AnyConnectSMSAnyConnectAnyConnect
AnyConnect AnyConnect 8
VPNAnyConnect
AnyConnect ISE ISE
1 AnyConnect AnyConnect cisco.com
AnyConnect
anyconnect-win--pre-deploy-k9.iso Windows
anyconnect-macosx-i386--k9.dmg Mac OS X
anyconnect-predeploy-linux-64--k9.tar.gz Linux64
Linux
2
AnyConnect VPN
Cisco AnyConnect
AnyConnect
AnyConnectWindows DES SSL
AnyConnect ISE
AnyConnect AMP
AnyConnect
AnyConnect VPN
AnyConnect
AnyConnect
AnyConnect
ASDM PCWindows PCWindows
3 AnyConnect
4 AnyConnect
5 AnyConnectASA ISE AnyConnect
AnyConnect AMPISEWindows
1
anyconnect-nam-win-x.x.x-k9.msi
anyconnect-nam-win-x.x.x-k9.msi
anyconnect-websecurity-win-x.x.x-pre-deploy-k9.msi
anyconnect-websecurity-win-x.x.x-web-deploy-k9.exe
anyconnect-iseposture-win-x.x.x-pre-deploy-k9.msi
anyconnect-iseposture-win-x.x.x-web-deploy-k9.msi
ISE
anyconnect-amp-win-x.x.x-pre-deploy-k9.msi
anyconnect-amp-win-x.x.x-web-deploy-k9.exe
AMP
Windows 2008R2 AnyConnectWLANPC
AnyConnect
2AnyConnect
AnyConnectanyfilename.xml
XMLAnyConnectAnyConnectProfile.xsd
3
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile VPN
Windows 78.x
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\NetworkAccessManager\newConfigFiles
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\WebSecurity
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\CustomerExperienceFeedback
%PROGRAMFILES%\Cisco\Cisco AnyConnect Secure Mobility Client\opswat
OPSWAT
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\ISEPosture
ISE
%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\AMPEnabler
AMP
/opt/cisco/anyconnect/profile
Mac OS X
/opt/cisco/anyconnect/CustomerExperienceFeedback
/opt/cisco/anyconnect/bin
/opt/cisco/anyconnect/lib/opswaOPSWAT
/opt/cisco/anyconnect/lib
/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app/Contents/Resources/
/opt/cisco/anyconnect/iseposture/ISE
/opt/cisco/anyconnect/ampenabler/AMP
/opt/cisco/anyconnect/profileLinux
AnyConnect AnyConnectVPN AnyConnect UI
Windows SMS
1 (SMS) MSI PRE_DEPLOY_DISABLE_VPN=1 VPN
msiexec /package anyconnect-win-ver-pre-deploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx*
MSI VPNDisable_ServiceProfile.xml VPN
2 CLI
msiexec /package anyconnect-websecurity-win--pre-deploy-k9.msi /norestart /passive /lvx* c:\test.log
3 DART
msiexec /package anyconnect-dart-win--k9.msi /norestart /passive /lvx* c:\test.log
4 Windows
5 Cisco AnyConnectWindows
AnyConnectDART
VPNDisable_ServiceProfile.xmlVPNAnyConnect
ISO
1 AnyConnect AnyConnect
2 Cisco AnyConnect VPN Module VPN VPN
3 LockDownComponentServicesWindows
4 VPN AnyConnect GUI Install Selecteda) /b) OK PRE_DEPLOY_DISABLE_VPN=1AnyConnect
c) VPN VPNDisable_ServiceProfile.xmld) e) VPN
Windows
ISO AnyConnectISO AnyConnectMSI ISO (setup.exe)AnyConnect ISO ISOHTA
ISO CD SlySoft PowerIS
ISO
ISO
HTA
AnyConnect ISO
AnyConnectGUI.ico
Setup.exe
DART MSI anyconnect-dart-win-x.x.x-k9.msi
SBL SBL anyconnect-gina-win-x.x.x-pre-deploy-k9.msi
ISE MSI anyconnect-iseposture-win-x.x.x-pre-deploy-k9.msi
AMP Enabler MSI anyconnect-amp-win-x.x.x-pre-deploy-k9.msi
MSI anyconnect-nam-win-x.x.x.msi
MSI anyconnect-posture-win-x.x.x-pre-deploy-k9.msi
MSI anyconnect-websecurity-win-x.x.x-pre-deploy-k9.msi
AnyConnect MSI anyconnect-win-x.x.x-pre-deploy-k9.msi
AnyConnect Windows
setup.exeautorun.inf
eula.html
HTML (HTA)
setup.hta
SMS AnyConnect ISO (*.msi)
2-24 SMS AnyConnect
Windows AnyConnect AlwaysInstallElevatedWindows(UAC)AnyConnect
Microsoft Internet Explorer (MSIE) Java ActiveX
MSIMSI ProfilesCCOMSI
SMSAltiris
Windows MSI
msiexec /package anyconnect-win-x.x.x-pre-deploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx* anyconnect-win-x.x.x-pre-deploy-k9-install-datetimestamp.log
VPNAnyConnect
msiexec /package anyconnect-win-x.x.x-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-win-x.x.x-pre-deploy-k9-install-datetimestamp.log
VPNAnyConnect
msiexec /package anyconnect-win-x.x.x-pre-deploy-k9.msi /norestart /passive DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK=1 /lvx* anyconnect-win-x.x.x-pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-dart-win-x.x.x-k9.msi /norestart /passive /lvx* anyconnect-dart-x.x.x-pre-deploy-k9-install-datetimestamp.log
(DART)
msiexec /package anyconnect-gina-win-x.x.x-k9.msi /norestart /passive /lvx* anyconnect-gina-x.x.x-pre-deploy-k9-install-datetimestamp.log
SBL
msiexec /package anyconnect-nam-win-x.x.x-k9.msi /norestart /passive /lvx* anyconnect-nam-x.x.x-pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-websecurity-win-x.x.x-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-websecurity-x.x.x-pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-posture-win-x.x.x-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-posture-x.x.x-pre-deploy-k9-install-datetimestamp.log
ASA
msiexec /package anyconnect-iseposture-win-x.x.x-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-iseposture-x.x.x-pre-deploy-k9-install-datetimestamp.log
ISE
msiexec /package anyconnect-amp-win-x.x.x-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-amp-x.x.x-pre-deploy-k9-install-datetimestamp.log
AMP
AnyConnect Windows
Windows (_)Windows VPNsampleTransforms-x.x.x.zip
Windows Cisco AnyConnect
Windows AnyConnect
Windows
MSI (LOCKDOWN)WindowsMSI ISO
/ AnyConnect
AnyConnectWindows/(Add/Remove Program)ARPSYSTEMCOMPONENT=1Windows/(Add/Remove Program)
MSI
Windows AnyConnect
AnyConnect
1 AnyConnect GUI VPNSSL IPsec
2 AnyConnect (DART) AnyConnect
3 AMPSBL
4 AMP SBL
5 AnyConnect
6 DARTDART
AnyConnect XML
Mac OS X
Mac OS X AnyConnectMac OS X AnyConnect DMG AnyConnect DMG AnyConnect.pkgInstallation Type
AnyConnectApple pkgutil ACTransforms.xml Cisco AnyConnect 4.1
Mac OS X VPN VPN AnyConnect UI
DMG AnyConnect AnyConnect
1 ScanCenter Cisco.com Cisco AnyConnect DMG
2
3 hdiutil convert -format UDRW -o
4 Windows
5
6 WebSecurity_ServiceProfile.xmlWebSecurity_ServiceProfile.wso WebSecurity_ServiceProfile.xml
7 WebSecurity_ServiceProfile.wsoWindows AnyConnectx.x.x/Profiles/websecurityMac OS Xcp \Volumes\"AnyConnect "\Profiles\websecurity\
AnyConnect Mac OS X
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1.html
8 Mac OS X AnyConnect x.x.x/Profiles TextEditACTransforms.xml True VPN
True
9 Cisco.com Cisco AnyConnect x.x.xVPNDisable_ServiceProfile.xml AnyConnect AnyConnect AnyConnect x.x.x/profiles/vpn
10 AnyConnect DMG
Mac OS X MacOSX 10.8Gatekeeper
Mac App Store
Mac App Store
Mac(Mac App Store and identified developers)
AnyConnect AppleMac App StoreGatekeeper(Anywhere)Ctrl AnyConnecthttp://www.apple.com/macosx/mountain-lion/security.html
Linux
Linux Linux tar.gz
AnyConnect Linux
1 AnyConnect GUI VPNSSL IPsec
2 DART AnyConnect
3
Linux AnyConnect
DART
1
2 AnyConnect
3 DART
Firefox AnyConnect AnyConnectAnyConnect Firefox
Firefox
Linux AnyConnect AnyConnect FirefoxFirefox
Firefox
Firefox Firefox PEM
WindowsMSI 12
VPN
VPN AMP
Linux DART1 anyconnect-dart-linux-(ver)-k9.tar.gz 3.0.3050 DART anyconnect-linux-(ver)-k9.pkg
2 tar -zxvf
URL Internet ExplorerWindows ASA Internet Explorer
ISE
ISE AnyConnect ISE AnyConnect ISE AnyConnect InternetExplorerActiveX AnyConnect
ISE
ISE ASA AnyConnect
ISEAnyConnect ISE ISEISE(Agent Configuration) >(Policy) >(Client Provisioning) NAC AnyConnect ISE
ASA
WebLaunch
4 Weblaunch AnyConnect
Internet Explorer 10
Firefox 9.0.1
Chrome 23.0.1271.95 m
Windows 8.x x8632 x6464
Internet Explorer 8 9
Firefox 3
Google Chrome 6
Windows 7 x8632 x6464
Safari 2
Google Chrome 6
Mac OS X 10.710.832 64
Firefox 3Linux64 VPN
AnyConnect ASA
AnyConnect Cisco AnyConnect Cisco AnyConnect
AnyConnect
anyconnect-win-x.x.x-k9.pkg Windows
anyconnect-macosx-i386-x.x.x-k9.pkg Mac OS X
anyconnect-linux-64-x.x.x-k9.pkg Linux64
ASA
ASA AnyConnect
1 Configuration > Remote Access > VPN > Network (Client) Access > AnyConnect Client Software AnyConnect ASA AnyConnect ASA
2 AnyConnect Add
Browse Flash ASA AnyConnect
Upload AnyConnect
3 OK Upload
4 Apply
AnyConnect
AnyConnect VPN
Start Before Logon AnyConnect
http://www.cisco.com/cgi-bin/tablebuild.pl/anyconnect
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > Group Policies
2 Edit Add
3 VPN Policy > AnyConnect Client Client Modules to Download
Add ASA
4 Apply
ASDM AnyConnect ASA ASA
1 Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile
2 Change Group Policy
3 Change Policy for Profile Available Group Policies
Policies
4 OK
5 AnyConnect Client Profile Apply
6 Save
7 OK
ISE ISE AnyConnectISE OPSWAT ISEISE ASA AnyConnect ISE
ISE ASA ASA AnyConnect VPNAnyConnect ISE ASA AnyConnect ISE
ISE ASA AnyConnect ISE AnyConnect AnyConnect ISE AnyConnect
ISE AnyConnect
AnyConnect ISE
Internet Explorer ISE Anyconnect AnyConnect
ISE (NSA) NSA ISE Anyconnect
NSAWindowsMac OS X
ISE
ISE AnyConnect
AnyConnect ISE
AnyConnect
AnyConnect
ISE AnyConnect
AnyConnect ISE
AMPVPN AnyConnect ISE
AnyConnect gettext
Windows Installer
AnyConnect ISE
AnyConnect PC AnyConnect
AnyConnect ISE
ZIP ISE
AnyConnect UI
VPN
AnyConnect
AnyConnect Gettext
AnyConnect ISE ISE
ISE AnyConnect AnyConnect ISE AnyConnect
ISE AnyConnectAnyConnect(AnyConnect ModuleSelection) VPN/ VPNVPNDisable_ServiceProfile.xml AnyConnect GUI VPNVPNDisable_ServiceProfile.xml AnyConnect CCO
1 ISE (Policy) > (Policy Elements) > (results)(Client Provisioning) (Resources) (Resources)
2 (Add) > (Agent resources from local disk) AnyConnect AnyConnect
3 Add > AnyConnect Configuration AnyConnect/ Opswat
ISEASAWindows AnyConnect AnyConnect ISE ISE AnyConnect
5ISE AnyConnect
ISE
AnyConnectDesktopWindows
AnyConnectDesktopOSX
AnyConnectWebAgentWindows
AnyConnectWebAgentOSX
AnyConnect
AnyConnectComplianceModuleWindows
AnyConnectComplianceModuleOSX
ISE
AnyConnectProfile
ISE AnyConnect
AnyConnect
AnyConnectCustomizationBundle
AnyConnectLocalizationBundle
4 AnyConnect ISE NAC/MACAnyConnect NAC/MAC AnyConnect 2 AnyConnect
AnyConnect AnyConnect
AnyConnect - AnyConnect ASAAnyConnect ASAAnyConnect VPN
ASA - ASA
ISE - ISEISE AnyConnect
ISE (DACL) ASA ISE AnyConnect
ISE ASA
AnyConnect
1 AnyConnect(Connect)
2 ASA SSL ISEISE
3 AnyConnect AnyConnect VPN
ASA ISE
1 DACL ISE AnyConnect
2 Internet ExplorerActiveXAnyConnect (NSA) AnyConnect
3 AnyConnect ISE AnyConnect AnyConnect ISE
4 ISE
AnyConnect
1 ASA
2 ISE
3 AnyConnect Internet Explorer ActiveX Java
4 AnyConnect ASA VPN
ASA ISE
1 ISE AnyConnect
2 Internet ExplorerActiveX AnyConnect AnyConnect
3 AnyConnectVPN ISEAnyConnectISE
4 ISE
AnyConnect AnyConnect
VPN
Auto UpdateAnyConnect
VPN
Bypass Downloader ASA
Update Policy
WebLaunch AnyConnectASA AnyConnect
AnyConnect
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > Group Policies
2 Edit Add
3 Advanced > AnyConnect Client > Login Settings Inherit
Post Login Default Post Login Selection
4 OK Save
AutoUpdateAnyConnectAnyConnectAutoUpdate
(DeferredUpdate)(DeferredUpdate)AnyConnectWindowsLinux OS X Deferred Upgrade
ASA
ASA
ASA ASA/ASDM ASA/ASDM Cisco ASA VPN ASDM Cisco ASA VPN CLI
ASDM
*
True(false)
Falsetruefalse
DeferredUpdateAllowed
AnyConnect WebLaunch AnyConnect
*
AnyConnect
VPN
0.0.0x.x.xDeferredUpdateMinimumVersion
DeferredUpdateMinimumVersion
DeferredUpdateDismissResponse
1500 - 300
DeferredUpdateDismissTimeout
DeferredUpdateDismissTimeout
DeferredUpdateDismissResponse
*
ISE
1 Policy > Results
a)
b) Client Provisioning
c) Resources Add > Agent Resources from Local Disk
d) AnyConnect pkg Submit
2 AnyConnect
3 Resources AnyConnect AnyConnect ConfigurationAnyConnectConfiguration
GUI
DeferredUpdateDismissTimeout
AnyConnectAnyConnectVPN
(Server Name)AnyConnect
FQDN IP*.example.com
(Allow Software Updates FromAny Server) VPN
VPN (Allow VPN Profile Updates From AnyServer) VPN
(Allow Service Profile Updates From AnyServer)
ISE (Allow ISE Posture ProfileUpdates From Any Server) ISE
(AllowComplianceModuleUpdatesFromAnyServer)
AnyConnect
(Server Name)
AnyConnect
AnyConnect
AnyConnect
AnyConnect
VPNISE
(Allow ... Updates From Any Server) AnyConnect
(Allow Software Updates From Any Server)
ASA
VPN
VPN (Allow VPN Profile Updates From Any Server)
VPNVPN
VPNVPN VPN
(Allow Service Profile Updates From Any Server)
AnyConnect
ISE (Allow ISEPosture ProfileUpdates FromAny Server)
ISE ISE ISE
ISEISE ISE
(AllowComplianceModuleUpdates FromAnyServer)
ISE
(Server Name) IP IP IP FQDN
VPN VPN VPN
VPN
DNS
DNS
VPNPPP
VPN
(UpdateHistory.log) ASA
AnyConnect
%AllUsers%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Logs
AnyConnect ASA
VPN XML
falsefalsefalsefalsefalsefalse
truetruetruefalsetrue
seattle.example.comnewyork.example.com
ASA
AnyConnect ASA
VPN 3.1.05182seattle.example.com
VPN 3.1.06079newyork.example.com
VPN 3.1.07021raleigh.example.com
AnyConnect VPN
seattle.example.comAnyConnect VPN VPN
newyork.example.com AnyConnectASAVPN
raleigh.example.com ASAVPN VPN
AnyConnect
VPN
AnyConnect
AnyConnectAnyConnect GUI Preferences
AnyConnect Start Before Logon AutoConnect OnStart
C:\Users\username\AppData\Local\Cisco\Cisco AnyConnect VPN Client\preferences.xml
Windows
C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\preferences_global.xml
/Users/username/.anyconnect Mac OS X
/opt/cisco/anyconnect/.anyconnect_global
/home/username/.anyconnect Linux
/opt/cisco/anyconnect/.anyconnect_global
AnyConnect VPN Cisco VPN Cisco AnyConnect
Cisco AnyConnect
TCP 443 TLS (SSL)
TCP 80 SSL
UDP 443 DTLS
UDP 500, UDP 4500 IPsec/IKEv2
AnyConnectAnyConnect
Cisco VPN (IPsec)
UDP 500, UDP 4500 IPsec/NATT
UDP 500, UDP 4500 IPsec/NATT
TCP IPsec/TCP
UDP 500, UDP X IPsec/UDP
AnyConnectAnyConnect VPN
2 AnyConnect
AnyConnect 35
AnyConnect GUI 43
AnyConnect GUI 49
AnyConnect 57
58
AnyConnect API 62
AnyConnect ISE 63
AnyConnect
Web AnyConnect Web SSLSSL AnyConnect AnyConnect(StartAnyConnect)
-(Enable CustomerExperience Feedback Service)
MST - sampleTransforms-X.X.xxxxx.zipanyconnect-win-disable-customer-experience-feedback.mst
(Windows)Windows AnyConnect
- msiexecWeb
-Microsoft OrcaOrcaMicrosoft Windows Installer (SDK)Microsoft Windows SDKWindows SDKhttp://msdn.microsoft.comWindows SDK
Web(Configuration)>VPN(RemoteAccessVPN)>(Network (Client) Access) >AnyConnect/(AnyConnectCustomization/Localization) >(Customized Installer Transforms)Web
ISO setup.hta HTML
AnyConnect
Windows Windows AnyConnectMicrosoftWindows
MTU - VPN (RESET_ADAPTER_MTU) 1WindowsMTU
Windows - Cisco AnyConnect
AnyConnect
VPNMSI (LOCKDOWN)LOCKDOWNWindowsMSICiscoAnyConnect
AnyConnect (Windows)
AMP VPN
ActiveX - AnyConnect VPNVPNWebLaunch ActiveX AnyConnect 3.1 VPN ActiveX
AnyConnectVPN ActiveXAnyConnect NOINSTALLACTIVEX=0 msiexec
AnyConnect/(Add/RemoveProgram) -AnyConnectWindows/(Add/Remove Program) ARPSYSTEMCOMPONENT=1
MSI Cisco AnyConnect
AnyConnect Windows MSI
msiexec /package anyconnect-win-ver-pre-deploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx* anyconnect-win--pre-deploy-k9-install-datetimestamp.log
VPNAnyConnect
msiexec /package anyconnect-win-ver-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-win--pre-deploy-k9-install-datetimestamp.log
VPNAnyConnect
msiexec /package anyconnect-win-ver-pre-deploy-k9.msi /norestart /passive DISABLE_CUSTOMER_EXPERIENCE_FEEDBACK=1 /lvx* anyconnect-win--pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-dart-win-ver-k9.msi /norestart /passive /lvx* anyconnect-dart--pre-deploy-k9-install-datetimestamp.log
(DART)
msiexec /package anyconnect-gina-win-ver-k9.msi /norestart /passive /lvx* anyconnect-gina--pre-deploy-k9-install-datetimestamp.log
SBL
msiexec /package anyconnect-nam-win-ver-k9.msi /norestart /passive /lvx* anyconnect-nam--pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-websecurity-win-ver-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-websecurity--pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-posture-win-ver-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-posture--pre-deploy-k9-install-datetimestamp.log
msiexec /package anyconnect-amp-win-ver-pre-deploy-k9.msi /norestart /passive /lvx* anyconnect-amp--pre-deploy-k9-install-datetimestamp.log
AMP
Windows
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Customized Installer Transforms
2 Import Import AnyConnect Customization Objects
3 ASA
4 Import Now
AnyConnect
company_logo.bmpMyProfile.xml
DATA CHANGE - Component Component ComponentId+ MyProfile.xml {39057042-16A2-4034-87C0-8330104D8180}
Directory_ Attributes Condition KeyPathProfile_DIR 0 MyProfile.xml
DATA CHANGE - FeatureComponents Feature_ Component_+ MainFeature MyProfile.xml
DATA CHANGE - File File Component_ FileName FileSize Version Language Attributes Sequence+ MyProfile.xml MyProfile.xml MyProf~1.xml|MyProfile.xml 601 8192 35
company_logo.bmp 37302{39430} 8192{0}
DATA CHANGE - Media DiskId LastSequence DiskPrompt Cabinet VolumeLabel Source+ 2 35
AnyConnect AnyConnectASAMSI GUI
AnyConnectAnyConnect AnyConnect cisco.com
OrcaASA
30 cisco.comAnyConnect .zip
anyconnect-win--web-deploy-k9-lang.zip
AnyConnect 3.1.xxxxx
.mst30 ASAMicrosoftOrcaOrcaMicrosoftWindows (SDK)Microsoft Windows SDK
ASDM ASA
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Localized Installer Transforms
2 Import Import MST Language Localization
3 Language
4 Import Now
5 Apply
(ES) LanguagesAnyConnect
(Mac OSX)
AnyConnectMacAnyConnect
ACTransforms.xml Mac OS X Mac OS X .pkg ACTransforms.xml XML
1 .pkgProfile2 Profile3 .dmgProfile
XML
ValueValue
OS X ACTransforms.xml DisableVPNACTransforms.xml DMG Profiles
Mac OS X
1 hdiutil dmg/
hdiutil convert anyconnect-macosx-i386-ver-k9.dmg -format UDRW -o anyconnect-macosx-i386-ver-k9-rw.dmg
2 ACTransforms.xmlfalse
AnyConnect (Mac OSX)
(Linux)
ACTransform.xml Linux Linux .pkg ACTransforms.xml XML
.pkgProfile
Profile
.dmgProfile
Profiles XML ACTransforms.xml
ValueValue
AnyConnect GUI (ASA) AnyConnect ASDMWindows
Windows www.cisco.com
Windows
Windows
WindowsAnyConnectAnyConnectASAAnyConnectASA AnyConnect www.cisco.com 47
)
AnyConnect (Linux)
GUI
AnyConnect ID
47(Save to File) ASDM
ASA
ASAAltirisGettext AnyConnect (anyconnect.po) .mo .mo
AnyConnect
/
UI
AnyConnect AnyConnect GUI
AnyConnect IDAnyConnectGUI
Save to File ASDM
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > GUI Text and Messages
2 Add Add Language Localization Entry
3 Language (en)
4 Edit Edit Language Localization Entrymsgidmsgstr msgid msgstr
Call your network administrator at 800-553-2447
5 OK Apply
1 www.cisco.com
2 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > GUI Text and Messages
3 Import Import Language Localization Entry 4
5
6 Import Now AnyConnectAnyConnect
AnyConnect
ASA Altiris AgentGettextAnyConnect .po.mo
GettextGNUGNUgnu.orgGUIGettext Poeditpoedit.net Gettext
AnyConnectAnyConnect
\l10n l ("el")10 n
Windows - :\Program Data\Cisco\Cisco AnyConnect Secure Mobility Client\l10n\\LC_MESSAGES
Mac OS X Linux -/opt/cisco/anyconnect/l10n//LC_MESSAGES
AnyConnect
1 http://www.gnu.org/software/gettext/ Gettext Gettext
2 AnyConnect AnyConnect AnyConnect.po
3 AnyConnect.po notepad.exe
4 Gettext .po .mo
msgfmt -o AnyConnect.mo AnyConnect.po
5 .mo
ASA AnyConnect
GNU GettextWindows GNU gnu.org GUI Gettext Poeditpoedit.net
AnyConnectASA
1 Remote Access VPN > Language Localization > Templates AnyConnect AnyConnect.pot msgmerge.exe
2 AnyConnectWindows Gettext AnyConnect (.po) (.pot) AnyConnect_merged.po
msgmerge -o AnyConnect_merged.po AnyConnect.po AnyConnect.pot
C:\Program Files\GnuWin32\bin> msgmerge -o AnyConnect_merged.po AnyConnect.po AnyConnect.pot
....................................... done.
Poedit AnyConnect.po File > Open > POTCatalog >Update PoeditUpdate Summary
3 Remote Access VPN > Language Localization Import AnyConnect AnyConnect_merged.po
Windows ASAAnyConnect
Windows
1 Control Panel > Region and Languages Clock,Language, and Region > Change display language
2 /
3
AnyConnectfr-caAnyConnectfr
AnyConnect GUI AnyConnect AnyConnect VPN
AnyConnect GUIMac LinuxWindows company_logo.png AnyConnectGUI
company_logo.bmp AnyConnect company_logo.bmp
http://www.cisco.com/en/us/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac06websecurity.html
AnyConnect GUI AnyConnect
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Resources
2 ImportImport AnyConnect Customization Objects
3
4 Import Now
Windows AnyConnect Windows
%PROGRAMFILES%\Cisco\Cisco AnyConnect Secure Mobility Client\res\
%PROGRAMFILES% Windows C:\Program Files
x
Windows
24 x 24
PNG
about.png
(Advanced)(About)
24 x 24
PNG
about_hover.png
(Advanced)(About)
128 x 128
PNG
app_logo.png
128 x 128 128 x128
AnyConnect Windows AnyConnect
x
Windows
16 x 16
ICO
attention.ico
97 x 58
PNG
company_logo.png
(Advanced)
97 x 58 97 x 58
97 x 58
PNG
company_logo_alt.png
About
97 x 58 97 x 58
1260 x 1024
JPEG
cues_bg.jpg
(Advanced)(About)
x
Windows
16 x 16
ICO
error.ico
16 x 16
ICO
neutral.ico
16 x 16
ICO
transition_1.ico
transition_2.ico transition_3.ico VPN3
16 x 16
ICO
transition_2.ico
transition_1.ico transition_3.ico VPN3
x
Windows
16 x 16
ICO
transition_3.ico
transition_1.ico transition_2.ico VPN3
16 x 16
ICO
vpn_connected.ico
VPN
Linux AnyConnect Linux
/opt/cisco/anyconnect/pixmaps/
GUI
x
Linux
142 x 92
PNG
company-logo.png
AnyConnect 3.0 62x33 PNG
AnyConnect Linux AnyConnect
x
Linux
16 x 16
PNG
CVCabout.png
About
16 x 16
PNG
cvc-connect.png
(Connect)(Connection)
16 x 16
PNG
CVCdisconnect.png
(Connection)
16 x 16
PNG
CVCinfo.png
(Statistics)
16 x 16
PNG
systray_connected.png
16 x 16
PNG
systray_notconnected.png
x
Linux
16 x 16
PNG
systray_disconnecting.png
16x16
PNG
systray_quarantined.png
16 x 16
PNG
systray_reconnecting.png
48 x 48
PNG
vpnui48.png
Mac OS X AnyConnect OS X
/Cisco AnyConnect Secure Mobility Client/Contents/Resources
GUI
AnyConnect Mac OS X AnyConnect
x Mac OS X
142 x 92
PNG
bubble.png
50 x 33
PNG
logo.png
128 x 128
ICNS
vpngui.icns
Mac OS X
16 x 16
PNGMac OS X
AnyConnect AnyConnectAnyConnectAnyConnectAnyConnect PDF HTML
1 help_AnyConnect.html HTML
2 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Customization/Localization > Binary
3 help_AnyConnect.xxxPDFHTMLHTMMHT 4 PC AnyConnect PC
UI
5 AnyConnect
help_AnyConnect.html
Windows - C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Help
Mac OS X - /opt/cisco/anyconnect/help
AnyConnect
VPN OnConnect
VPN OnDisconnect
VPNOnConnect VPN OnConnect
VPN
VPN
VPN
AnyConnectWebLaunch
AnyConnect
- AnyConnectOnConnectOnDisconnect
- AnyConnect OnConnect onDisconnectOnConnectOnDisconnectAnyConnectAnyConnect VBSPerl Bash
-
Windows -MicrosoftWindowsAnyConnectWindows VPNAnyConnectWindows cmd .bat
-AnyConnect EnableScripting
GUI - GUI VPNOnDisconnect
64Windows - AnyConnect 32 64WindowsAnyConnect cmd.exe 32
32 cmd.exe 64 cmd.exe32Windows 7 64cmd.exe msg %WINDIR%\SysWOW64
32 cmd.exe
AnyConnect
1
2
ASDM ASA
Network (Client) Access > AnyConnect Customization/Localization > Script
ASDM6.3ASA scripts_OnConnect OnDisconnect scripts_ OnConnect OnDisconnect myscript.bat scripts_OnConnect_myscript.bat OnConnect_myscript.bat
ASDM 6.3
scripts_OnConnect
scripts_OnDisconnect
ASAASA
VPN
OnConnect
OnDisconnect
6
%ALLUSERSPROFILE%\Cisco\Cisco AnyConnect Secure Mobility Client\Script
Microsoft Windows
/opt/cisco/anyconnect Linux
Linux
/opt/cisco/anyconnect/script Mac OS X
AnyConnect
1 VPN Preferences (Part 2) 2 Enable Scripting VPN 3 User Controllable On Connect OnDisconnect 4 Terminate Script On Next Event
AnyConnectVPNVPNOnDisconnectOnConnectMicrosoftWindowsOnConnect OnDisconnectMac OS LinuxOn Connect OnDisconnect
5 Enable Post SBL On Connect Script SBLVPN On Connect
ASA VPN
1 OnConnect OnDisconnect
2
3 VPN OnConnect OnDisconnectASA OnConnect ASA OnConnect OnConnect OnDisconnect ASA VPN
OnConnect OnDisconnect VPN
4 Linux
5
AnyConnect API WindowsLinuxMacAnyConnectAPI (UI) AnyConnect UI
CLI GUI
vpncli.exe vpnui.exe Windows
vpn vpnui Linux
vpn ASA Altiris GUI Mac
Mac
ASA
AnyConnectAnyConnectAnyConnectUI AnyConnect ASDMAnyConnect
Cisco AnyConnectGUI
AnyConnect ISE
AnyConnect AnyConnect AnyConnect ISEAnyConnect ISEAnyConnect AnyConnect
ISE AnyConnect Gettext .po .mo Gettext msgfmt http://www.gnu.org/software/gettext/ Gettext Gettext
1 AnyConnecta) www.cisco.com Cisco AnyConnect Software Download
AnyConnect-Localization-(release).zip *.po
b) *.poc) Gettext *.po *.mo
msgfmt -o AnyConnect.mo AnyConnect.po
2 AnyConnecta) l10nb) l10nfr-ch
c)
l10n\fr-ch\AnyConnect.mo
    \he\AnyConnect.mo
    \ja\AnyConnect.mo
3 Windows AnyConnecta) www.cisco.comCiscoAnyConnect
anyconnect-win-(release)-web-deploy-k9-lang.zip
anyconnect-gina-win-(release)-web-deploy-k9-lang.zip
AnyConnectAnyConnect
b)
4 Windows AnyConnecta) mstb) mstfr-ch
c)
l10n\fr-ch\AnyConnect.mo
    \he\AnyConnect.mo
    \ja\AnyConnect.mo
mst\fr-ch\AnyConnect_fr-ca.mst
   \he\AnyConnect_he.mst
   \ja\AnyConnect_ja.mst
5 AnyConnect-Localization-Bundle-.zip AnyConnect
AnyConnect ISE AnyConnect AnyConnect ISE
AnyConnect AnyConnect AnyConnect GUIVPN ISE AnyConnect ISEAnyConnectwin\resource\
\binary\transform
mac-intel\resource\binary\transform
AnyConnectWindowsMac OSX resourcebinary transform
resource AnyConnect GUI
AnyConnect GUI 49
binary VPN
AnyConnect AnyConnect 57
VPN 58
transform
Windows (Windows) 36
Mac OS X ACTransforms.xml Mac OS X 42
AnyConnect
1
2 resourcesAnyConnect GUI
3 binary help_AnyConnect.html
4 binary VPN OnConnect OnDisconnect
5 transform
6 AnyConnect-Customization-Bundle.zip AnyConnect
AnyConnect ISE AnyConnect AnyConnect ISE
3 AnyConnect
67
68
AnyConnect VPN 70
AnyConnect 84
Cisco AnyConnect ASAAnyConnectASDM
AnyConnectASDM AnyConnect AnyConnect
Windows
AnyConnect AnyConnect VPN 70
AnyConnect 84
144
ISE 177
182
AMP 202
209
ASDM
AnyConnect
AnyConnect ASDMWindows
ASDM ASA
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile
2 Add 3
4 Profile Usage
5 Profile Location Browse Flash ASA XML
6 Upload 7 AnyConnect
8 OK
ASDMWindowsVPN
Cisco AnyConnect (Add or Remove Programs) VPN
Java - JRE 1.6
JRE 1.6
-Windows 7MSIWindows
- Firefox Internet Explorer
- Cisco AnyConnect 5 MBJRE 1.6 100 MB
ASAVPNGUI ASA FQDN ASA
AnyConnect AnyConnect AnyConnect ISO .pkgWindows(.exe)anyconnect-profileeditor-win--k9.exe
1 Cisco.com anyconnect-profileeditor-win--k9.exe
2 anyconnect-profileeditor-win--k9.exe
3 Welcome Next 4 Choose Setup Type Next
Typical -
(Custom) -
(Complete) -
5 Typical Complete Custom Will be installed on local hard drive Entire Feature will be unavailable Next
6 Ready to Install Install 7 Finish
AnyConnect C:\Program Files\Cisco\Cisco AnyConnect Profile Editor
(Start) > (All Programs) > (Cisco) >Cisco AnyConnect (Cisco AnyConnect Profile Editor)
XMLASA XML
1 Start > All Programs > Cisco > Cisco AnyConnect Profile Editor
2 File > Open XML
VPN Schema Validation failed
3 File > Save
AnyConnect VPN AnyConnect Cisco AnyConnect VPNISEAnyConnectASA
ASA ISE AnyConnectAnyConnect VPN VPN
AnyConnectGUI(Preferences)
/
AnyConnect 1 Use Start Before Logon -WindowsWindowsAnyConnectWindows VPN
ShowPre-connectMessage -AnyConnect
Certificate Store - AnyConnect (All)
All- AnyConnect
Machine - AnyConnectWindows
User - AnyConnect
Certificate Store Override - AnyConnectWindows
WindowsWindows
Auto Connect on Start -AnyConnectAnyConnectVPN
Minimize On Connect - VPNAnyConnect GUI
Local LAN Access - ASA VPN LAN
LAN8.4(1)SSL AnyConnect VPN VPN 2
Auto Reconnect -AnyConnect VPN Auto Reconnect
DisconnectOnSuspend- AnyConnect VPN
ReconnectAfterResume -AnyConnect VPN
Auto Update - User Controllable
RSA Secure ID IntegrationWindows- RSAAnyConnect RSA
Windows Logon Enforcement - (RDP)VPNVPNAnyConnectVPN VPN
Single Local Logon-VPN PC VPNVPN
VPNVPN PC VPN VPN
Single Logon - VPNVPNVPNVPNVPN VPN
WindowsVPNEstablishment -PCVPNAnyConnect
Local Users Only- VPN AnyConnect
Allow Remote Users -VPNVPNVPNPCVPNVPN 90
Clear SmartCard PIN
IP Protocol Supported - IPv4 IPv6 AnyConnectASAAnyConnect IPAnyConnect IPv4AnyConnect IPv6
IP
IPv4 - ASA IPv4
IPv6 - ASA IPv6
IPv4, IPv6 - ASA IPv4 IPv4 IPv6
IPv6, IPv4 - ASA IPv6 IPv6 IPv4
IPv4 IPv6 VPN IP IP VPN
AnyConnect 2 (Disable Automatic Certificate Selection)Windows-
(Proxy Settings) - AnyConnect
(Native) - AnyConnect
(IgnoreProxy) - ASA
(Override) - LinuxWindows
(Allow Local Proxy Connections) -AnyConnectWindows PC VPN
(EnableOptimalGatewaySelection) (OGS) IPv4-AnyConnect (RTT) OGS OGS(Automatic Selection) GUI(Connection)(Connect To)
OGS
(Always On)
(PAC)
AAA
(SuspensionTimeThreshold)-VPN
(Performance Improvement Threshold)
(Performance ImprovementThreshold) (%)-
20%
VPN (Automatic VPN Policy)WindowsMac- AnyConnect(Trusted Network Detection allowing AnyConnect)(Trusted Network Policy)(Untrusted Network Policy) VPN VPN Automatic VPNPolicy VPN
Trusted Network Policy -AnyConnect VPN
Disconnect- VPN
Connect - VPN
Do Nothing - Trusted Network PolicyUntrustedNetwork Policy Do Nothing Trusted Network Detection
Pause - VPNAnyConnect VPNAnyConnect VPN
Untrusted Network Policy -AnyConnectVPNVPN
Connect- VPN
DoNothing -VPNTrustedNetwork PolicyUntrustedNetwork PolicyDoNothingTrustedNetworkDetection
Trusted DNS Domains - DNS*.cisco.com (*) DNS
Trusted DNS Servers - DNS 192.168.1.2, 2001:DB8::1DNS (*)
Always On -WindowsMac OS XAnyConnect VPN
VPN AnyConnectVPN
VPN
Allow VPN Disconnect - AnyConnect VPN Disconnect VPN VPNVPN Disconnect
DisconnectVPN Disconnect VPN
Connect Failure Policy - AnyConnect VPN ASA Allow VPN Disconnect fail-openfail-close
Closed - VPN
Open - VPN
AnyConnect VPN
ACL VPNAnyConnect
VPN AnyConnect
VPN
Connect Failure Policy Closed
Allow Captive Portal Remediation -AnyConnect
VPN
Remediation Timeout - AnyConnect AllowCaptive Portal Remediation5
Apply Last VPNLocal Resource Rules -VPNASA ASA LAN ACL
(Allow Manual Host Input) - AnyConnect UI VPN VPN VPN
PPP Exclusion - PPP VPNAnyConnectGUI Route Details PPP
Automatic - PPPAnyConnect PPP IP IP
Disabled - PPP
Override - PPP PPP IP PPP
PPP Exclusion
PPP Exclusion Server IP - PPP IP
PPP
Enable Scripting - OnConnect OnDisconnect
Terminate Script On Next Event -VPNAnyConnectOnConnect VPN OnDisconnectMicrosoftWindows OnConnect OnDisconnectMac OS Linux OnConnect OnDisconnect
Enable Post SBL On Connect Script - OnConnect SBLVPN VPNMicrosoft Windows
VPN -Windows VPN
User Enforcement - VPN Retain VPNOn Logoff VPNWindows
Authentication Timeout Values -AnyConnect 12AnyConnect 0 - 20
AnyConnect
Host Address - IP (FQDN)
Add -
Move Up -
Move Down -
Delete -
AnyConnect
AnyConnect
Key UsageDigital_Signature
Extended Key UsageClient Auth
Key Usage -
Decipher_Only -Key_Agreement
Encipher_Only -Key_Agreement
CRL_Sign - CRL CA
Key_Cert_Sign - CA
Key_Agreement -
Data_Encipherment - Key_Encipherment
Key_Encipherment -
Non_Repudiation -Key_Cert_signCRL_Sign
Digital_Signature -Non_RepudiationKey_Cert_SignCRL_Sign
Extended Key Usage - Extended Key UsageOID
ServerAuth (1.3.6.1.5.5.7.3.1)
ClientAuth (1.3.6.1.5.5.7.3.2)
CodeSign (1.3.6.1.5.5.7.3.3)
EmailProtect (1.3.6.1.5.5.7.3.4)
IPSecEndSystem (1.3.6.1.5.5.7.3.5)
IPSecTunnel (1.3.6.1.5.5.7.3.6)
IPSecUser (1.3.6.1.5.5.7.3.7)
TimeStamp (1.3.6.1.5.5.7.3.8)
OCSPSign (1.3.6.1.5.5.7.3.9)
DVCS (1.3.6.1.5.5.7.3.10)
IKE Intermediate
Custom ExtendedMatch Key 10- 10 OID 1.3.6.1.5.5.7.3.11
Distinguished Name 10- (DN)
Name - (DN)
CN -
C -/
DC -
DNQ - DN
EA -
GENQ -
GN -
I -
L -
N -
O -
OU -
SN -
SP -/
ST -
T -
ISSUER-CN -
ISSUER-DC -
ISSUER-SN -
ISSUER-GN -
ISSUER-N -
ISSUER-I -
ISSUER-GENQ -
ISSUER-DNQ - DN
ISSUER-C -/
ISSUER-L -
ISSUER-SP -/
ISSUER-ST -
ISSUER-O -
ISSUER-OU -
ISSUER-T -
ISSUER-EA -
Pattern -
abc.cisco.com cisco.comcisco.com
Operator - DN
Equal - ==
Not Equal - !=
Wildcard -
Match Case -
133
AnyConnect AnyConnect (SCEP)
Certificate Expiration Threshold -AnyConnectRADIUS 0 180
Certificate Import Store -Windows
Automatic SCEP Host - SCEP SCEP ASA ASA (FQDN) asa.cisco.com scep_eng
CA URL - SCEP SCEP CA CA FQDN IP http://ca01.cisco.com
Prompt For Challenge PW - GetCertificate
Thumbprint - CA SHA1MD5
CACAURLfingerprintthumbprint
Certificate Contents - SCEP
(CN) -
(OU) -
(O) -
(ST) -
(SP) -
/ (C) -/
(EA) - (EA) %USER%@cisco.com%USER% ASA
(DC) - (DC) cisco.com
(SN) -
(GN) -
UnstructName (N) -
(I) -
(GEN) -Jr.III.
(DN) - DN
(L) -
(T) -
CA - SCEP CA
- RSA
DisplayGetCertificate Button -AnyConnect GUIGet Certificate
RADIUS
122
AnyConnect AnyConnect 3.0Windows Mobile Cisco AnyConnect 2.5Windows Mobile
AnyConnect GUIVPN
-IP (FQDN)
- IP FQDN
- URL
SCEP -
CA URL - (CA) URL
Add/Edit - Server List Entry
Delete -
Details - CA URL
VPN 93
AnyConnect /
Host Display Name -IP (FQDN)
FQDN or IP Address - IP FQDN
Host Address IP FQDN Host NameAnyConnect
Hostname FQDN Host Address IPHostname FQDN DNS
IP IPv4 IPv6
User Group -
URL Primary Protocol IPsecUser Group SSL URL
Additional mobile-only settings - Apple iOS Android
Backup Server List
Host Address - IP FQDN
Add -
Move Up -
Move Down -
Delete -
Load Balancing Server List
Host Address - IP FQDN
Add -
Delete -
Primary Protocol - SSL IPsec IKEv2 SSL
Standard Authentication Only (IOS Gateways)- IPsec IOS
ASAAnyConnectEAP ASA DNSMSIE
Auth Method During IKE Negotiation -
IKE Identity - EAP ID_GROUP IDi *$AnyConnectClient$*
Automatic SCEP Host - SCEP
CAURL - SCEP CAURL FQDN IPhttp://ca01.cisco.com
Prompt For Challenge PW - Get Certificate
CA Thumbprint - CA SHA1MD5
CA CA URLfingerprintthumbprint
VPN 93
AnyConnect AnyConnectLocalPolicy.xml XMLASA
VPN AnyConnectLocalPolicy.xmlXML
AnyConnect AnyConnect
acversion=""
FIPS Mode
FIPS FIPS
Bypass Downloader
VPNDownloader.exe ASA
Bypass Downloader ASA
ASA VPN VPN
ASA VPN VPN VPN
ASA VPNASABypassDownloader true ASA BypassDownloader true
Enable CRL Check
Windows SSL IPsec VPN(CRL)AnyConnectCRLAnyConnect
(CA)
CRL Enable CRL Check AnyConnect CRL
CRL AnyConnect Strict Certificate Trust
CRL CRL AnyConnect Strict Certificate Trust Strict Certificate Trust
Always On AnyConnect CRL CRL AnyConnect
Restrict Web Launch
FIPSWebLaunch AnyConnect Cookie
Strict Certificate Trust
AnyConnect
Local policy prohibits the acceptance of untrusted server certificates. A connection will not be established.
AnyConnect Strict Certificate Trust
Strict Certificate Trust
AnyConnect
Strict Certificate Trust
AnyConnectAnyConnect
Credentials -
Thumbprints -
CredentialsAndThumbprints -
All -
false -
PEM (Exclude Pem File Cert Store)LinuxMac
PEM
FIPS OpenSSL PEM FIPS
Mac (Exclude Mac Native Cert Store)Mac
Mac
Firefox NSS (Exclude Firefox NSS Cert Store)LinuxMac
Firefox NSS
Update Policy
Allow Software Updates From AnyServer
VPN
Allow VPN Profile Updates From AnyServer
VPN
Allow Service Profile Updates FromAnyServer
Allow ISEPosture Profile Updates FromAny Server
ISE
Allow Compliance Module Updates From AnyServer
Server Name
VPNAnyConnect FQDNIP
1 AnyConnect (AnyConnectLocalPolicy.xml)
7 AnyConnect
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client Windows
/opt/cisco/anyconnect Linux
/opt/cisco/anyconnect Mac OS X
2 AnyConnectLocalPolicy AnyConnect VPN
3 AnyConnectLocalPolicy.xml
4
MST
MSTMST AnyConnect(AnyConnectLocalPolicy.xml)
LOCAL_POLICY_BYPASS_DOWNLOADER
LOCAL_POLICY_FIPS_MODE
LOCAL_POLICY_RESTRICT_PREFERENCE_CACHING
LOCAL_POLICY_RESTRICT_TUNNEL_PROTOCOLS
LOCAL_POLICY_RESTRICT_WEB_LAUNCH
LOCAL_POLICY_STRICT_CERTIFICATE_TRUST
AnyConnect
FIPS FIPS FIPS AnyConnect FIPSWindows LinuxMac root
FIPS FIPS
EnableFIPSFIPS FIPS
FIPS vpnagent (Windows) vpnagentMac Linux
Windows FIPS
EnableFIPS rwl=false sct=true bd=true fm=false
LinuxMac
./EnableFIPS rwl=false sct=true bd=true fm=false
FIPS AnyConnect
fm=[true | false] FIPS
bd=[true | false]
rwl=[true | false] WebLaunch
sct=[true | false]
rpc=[Credentials | Thumbprints | CredentialsAndThumbprints | All | false]
efn=[true | false] Firefox NSS Linux Mac
epf=[true | false] PEM Linux Mac
emn=[true | false] Mac Mac
4 VPN
VPN 91
VPN 115
VPN 118
VPN
AnyConnect VPN AnyConnect VPN VPN
AnyConnect
VPN
AnyConnect VPN
Windows VPN
AnyConnect VPN
VPN
VPN VPN
VPN
AnyConnect
ASA AnyConnect VPN VPN
(Keepalive) - ASAASA ASA
ASDM(Keepalive) ASDM Cisco ASA 5500
CLI Keepalive CLI Cisco ASA 5500
(Dead PeerDetection) - ASAAnyConnectR-U-There IPsec
ASA DPDASA
ASA DPD 300
ASA DPDDPD 30
ASA DPDASDMDPDCisco ASA VPN ASDMCLIDPDCisco ASA VPNCLI
DPD30(GroupPolicy)>(Advanced)>AnyConnect(AnyConnect Client) >(Dead Peer Detection)
DPD 300(Group Policy) >(Advanced)>AnyConnect(AnyConnectClient) >(DeadPeerDetection)
SSL IPsec 1(Group Policy) >(Advanced) >AnyConnect(AnyConnect Client) >(KeyRegeneration)
AnyConnect
AnyConnect VPN
VPN
(Default Idle Timeout) - 30
CLI webvpn default-idle-timeout 1800
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_anyconnect.html#wp1090828
http://www.cisco.com/en/US/docs/security/asa/asa91/configuration/vpn/vpn_anyconnect.html#wp1090788
VPN(VPN Idle Timeout) - SSL VPN vpn-idle-timeout default-idle-timeout
ASDM VPN ASDM Cisco ASA 5500
CLI VPN CLI Cisco ASA 5500
VPN AnyConnect VPN VPNFQDN IP
AnyConnect GUI Connect to VPN GUI
1 VPN Server List 2 Add 3
a) Host Display NameFQDN IP&
IPsec SSL URL
b) IPsec Standard Authentication OnlyAnyConnect EAP
AnyConnect EAP ASA DNSMSIE
7 SCEPa) SCEP CA URL FQDN IPhttp://ca01.cisco.comb) Prompt For Challenge PW Get Certificate
c) CA SHA1MD5 CA CAURLfingerprintthumbprint
8 OK
AnyConnect 82AnyConnect/ 82
Windows VPN
(SBL)Windows VPN
SBLAnyConnectWindows VPNWindows
SBLSBL 802-1X
SBLWindowsWindows
Windows (PLAP) AnyConnect SBL
PLAP Ctrl+Alt+Del Network ConnectPLAP
PLAPWindows 32 64
SBL
Active Directory
Microsoft Active Directory
SBL
Active Directory
MS NAP/CS NAC
AnyConnect
AnyConnect
1 AnyConnect
2 AnyConnect SBL
AnyConnect
AnyConnectAnyConnect SBLAnyConnect DLLWindows 7Windows 2008 32 64 PLAP vpnplap.dll vpnplap64.dll
VPNGINA PLAP AnyConnectVPNGINA PLAP
SBL ASA SBL AnyConnectMSIAnyConnect
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > Group Policies 2 Edit Add 3 Advanced > AnyConnect Client 4 Optional Client Module for Download Inherit 5 AnyConnect SBL
AnyConnect SBL
SBLSBL
SBL
1 VPN Preferences (Part 1) 2 Use Start Before Logon 3 SBL User Controllable
SBL
1 AnyConnect ASA
2 *.xml
3 Windows Add/Remove Programs SBL
4 AnyConnect
5 AnyConnect
6 Start Before Logon
7 DART AnyConnect
8 AnyConnect
Description: Unable to parse the profile C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\VABaseProfile.xml. Host data not available.
9 .tmpl .xml XML
AnyConnect VPN Auto Connect On StartAnyConnectVPN VPN
Auto Connect On Start
1 VPN Preferences (Part 1) 2 Auto Connect On Start 3 Auto Connect On Start User Controllable
Windows (PLAP) (SBL)Windows VPN
SBL AnyConnect (PLAP)PLAPWindows SBLPLAP vpnplap.dll vpnplap64.dll 32 64PLAP x86 x64
PLAPvpnplap.dll vpnplap64.dll SBLPLAP DLLWindows 7Windows 2008 32 64 PLAP
PLAPAnyConnectPLAP
SBLPLAPAnyConnect SBL 96 Switch User Network Connect
Alt+Tab
PLAP Windows PC
1 Windows Ctrl+Alt+Del Switch User
2 Switch UserNetwork ConnectAnyConnect Switch User VPN Network Connect VPN CancelVPN
3 NetworkConnectAnyConnectAnyConnect
4 GUIAnyConnect
5 Network ConnectMicrosoft Disconnect
6
AnyConnect PLAP VPN
PLAP AnyConnect VPNPLAP Disconnect
DisconnectVPN
Disconnect
PLAP PC Cancel
PC
WindowsPress CTRL + ALT + DEL to log on
Windows PLAP AnyConnect
VPN Auto ReconnectAnyConnectVPN 3GAutoReconnectWindowsMac OS Linux
Auto Reconnect VPN
1 VPN Preferences (Part 1) 2 Auto Reconnect 3 Auto Reconnect Behavior
Disconnect On Suspend -AnyConnect VPN
Reconnect After Resume -VPN
(TND) AnyConnect VPN VPN
TNDVPNVPNTND VPNVPN TNDVPN
AnyConnect VPN TND ASAAnyConnect
TNDAnyConnect GUIGUIGUI TND VPN
AnyConnect SBL
IPv4 IPv6 ASA IPv6 IPv4 VPN
TND
TNDAnyConnect
ASA TND
ASA ASA
ASA ASA
1 VPN Preferences (Part 1) 2 Automatic VPN Policy 3 Trusted Network Policy
Disconnect - VPN
Connect - VPN
Do Nothing - Trusted Network Policy UntrustedNetwork Policy Do Nothing Trusted Network Detection (TND)
Pause -VPNAnyConnect VPNAnyConnect
VPN
4 Untrusted Network Policy
Connect - VPN
Do Nothing - VPNTrusted Network Policy Untrusted Network Policy Do Nothing Trusted NetworkDetection
5 Trusted DNS Domains DNSDNS split-dns ASA DNS
AnyConnect DNS
DNS
DNS DNS Advanced TCP/IP Settings
TrustedDNSDomains DNS
*example.comexample.com
TrustedDNSDomains DNS
*.example.com OR example.com,anyconnect.example.com
example.com AND anyconnect.cisco.com
*.example.com OR asa.example.com,anyconnect.example.com
asa.example.com AND example.cisco.com
(*) DNS
6 Trusted DNS Servers DNSDNS203.0.113.1,2001:DB8::1 (*) DNS
DNS DNS IPmus.cisco.com DNS DNSmus.cisco.com
TrustedDNSDomains/TrustedDNSServersTrustedDNSServers DNS
VPN
7 URLWeb (Add)URL (Set)
DNSDNS DNS DNS
VPN
VPN VPN VPN
VPNVPNASAAnyConnect VPN
VPNAnyConnect AnyConnect ASA
AnyConnect
VPNAnyConnect VPN VPN (Allow VPN Disconnect) AnyConnect VPN(Disconnect)VPN Disconnect
DisconnectVPNVPNDisconnectVPN VPN
VPN AnyConnect VPN
VPN
AnyConnect VPNAnyConnect VPN
VPN
VPN VPN
(CA) ASDM Configuration > Remote Access VPN > Certificate Management > Identity Certificates Enroll ASA SSL VPN with Entrust
ASA
PC
Windows C:\ProgramData
AnyConnect
Windows (GPO)GUIMacOS
VPN
1 AnyConnect VPN
2
3 VPN
AnyConnect VPN
VPN ASA VPN VPN
1 VPN Preferences (Part 2) 2 Automatic VPN Policy 3
4 Always On 5 Allow VPN Disconnect 6
7
VPN AnyConnect VPN VPN
ASDM
1 VPN Server List 2 Edit 3 FQDN IP
VPN
VPN
ASA AnyConnectVPN
AAA
1 Configuration >Remote Access VPN >Network (Client) Access >Dynamic Access Policies >Add Edit
2 VPN Selection Criteria ID AAA
3 Add or Edit Dynamic Access Policy AnyConnect
4 VPN for AnyConnect client Disable
VPN AnyConnect VPNAnyConnect
VPNAnyConnect
AnyConnect VPN
VPNWeb
Disconnect Disconnect
VPN
VPN
Web
Apply Last VPN Local Resources VPN
AnyConnect
AnyConnect
VPN
AnyConnect VPN
VPN
1 VPN Preferences (Part 2) 2 Connect Failure Policy
Closed-
Open -
3 a) b) VPNApplyLastVPNLocal
Resources
Wi-Fi/
VPN AnyConnectAnyConnect
AnyConnect
The service provider in your current location is restricting access to the Internet. You need to log on with the service provider before you can establish a VPN session. You can try this by visiting any website with your browser.
VPN
The service provider in your current location is restricting access to the Internet. The AnyConnect protection settings must be lowered for you to log on with the service provider. Your current enterprise security policy does not allow this.
AnyConnectVPNVPN
AnyConnect VPN
1 VPN Preferences (Part 1) 2 (Allow Captive Portal Remediation)
3
AnyConnect
AnyConnect
AnyConnect (CN) ASA AnyConnect
ASA CN VPN ASA
ASA ASA HTTPS ASA AnyConnect ASA
ASAASAHTTPHTTPS HTTP ASA HTTP/HTTPS ASA HTTP/HTTPS
HTTPIP
DoS HTTP
L2TP PPTP AnyConnect/ ISP 2 (L2TP) (PPTP)
(PPP)AnyConnect PPP VPN ASAASAAnyConnectPPP AnyConnect GUI Route Details
1 VPN Preferences (Part 2) 2 PPPExclusionUserControllable
Automatic - PPPAnyConnect PPP IP IP
Override -PPPPPP IPPPPExclusionUserControllable true
Disabled - PPP
3 PPP Exclusion Server IP PPP IP UserControllable preferences.xml PPP IP
preferences.xml PPP
PPP PPP Exclusion AnyConnect
1 XML
Windows %LOCAL_APPDATA%\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml
Mac OS X /Users/username/.anyconnect
Linux /home/username/.anyconnect
2 PPPExclusion Override PPP IP IPv4
Override192.168.22.44
3
4 AnyConnect
AnyConnect
AnyConnect AnyConnect VPN
AnyConnectKaspersky
AnyConnectVPN
WindowsAnyConnectMac Linux
Windows
VPN
AnyConnect SBLWindowsMicrosoft
VPN
VPNWindows Linux
VPN AnyConnect 2
ASAAnyConnectAnyConnectAnyConnect (PAC) ASAAnyConnect
AnyConnect
LinuxMac OS XWindows
Safari InternetExplorer
IE
IPv6
VPN
1 VPN Preferences (Part 2) 2 Allow Local Proxy Connections
Windows LinuxAnyConnect4.1Mac LinuxMac
Linux AnyConnect
AnyConnectNTLMAnyConnectAnyConnect ASA
Windows
Windows
1 Internet Explorer Internet Options 2 Connections LAN Settings 3 IP
Mac
1
2 Advanced
3 Proxies
4 HTTPS
5 Secure Proxy Server
Linux
Linux
1 ASA Cisco ASA VPN ASDM
Mac scutil --proxy ASA VPN
2
3 Internet Explorer Connections
http://www.cisco.com/en/US/docs/security/asa/asa91/asdm71/vpn/vpn_asdm_setup.html#wp1336831
AnyConnect PCMicrosoft Internet Explorer SafariAnyConnect
1 VPN Preferences (Part 2) 2 Proxy Settings IgnoreProxyIgnore Proxy
ASA
Internet Explorer Connections
AnyConnect Internet Explorer Tools > Internet Options > Connections
ASA Connections
ASA
Windows Connections ASA
ASA ASDM
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > Group Policies 2 Edit Add 3 Advanced > Browser Proxy Proxy Server Policy 4 Proxy Lockdown 5 Inherit Yes AnyConnect Internet Explorer
ConnectionsNoAnyConnect Internet ExplorerConnections
6 OK 7 Apply
Windows
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Mac OS X
scutil --proxy
VPN
IPv4 IPv6 VPN Client Bypass Protocol AnyConnect ASA IPv6 IPv4 ASA IPv4 IPv6
AnyConnect ASA VPNASA IPv4/ IPv6
IP Client Bypass Protocol ASA IP IP VPN
Client Bypass Protocol VPNIP
ASA IPv4AnyConnectIPv6 Client Bypass ProtocolIPv6 Client Bypass ProtocolIPv6
ASA Client Bypass Protocol
1 ASDM Configuration > Remote Access VPN > Network (Client) Access > Group Policies 2 Edit Add 3 Advanced > AnyConnect 4 Client Bypass Protocol Inherit 5
Disable ASA IP
Enable IP
6 OK 7 Apply
Cisco ASA VPN ASDM
Cisco ASA VPN ASDMAnyConnect
ASDM Configuration > Remote Access VPN > Network (Client) Access >AnyConnect Connection Profiles > Add/Edit > Group Policy
DNS DNSAnyConnect DNS DNS DNS DNS DNS DNSAnyConnect DNS
DNS DNS AAAAANSTXTMXSOAANYSRVPTRCNAME PTR
WindowsMac OS X AnyConnect DNS
Mac OS XAnyConnect IPDNS
IP IPv4 DNS IP IPv6 IP
IP DNS
DNS DNS
http://www.cisco.com/en/US/docs/security/asa/asa91/asdm71/vpn/vpn_asdm_setup.html#wp1409337
http://www.cisco.com/en/US/docs/security/asa/asa91/asdm71/vpn/vpn_asdm_setup.html#wp1543109
1 DNS Cisco ASA VPN ASDM
DNS DNS
2 - Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Advanced > Split Tunneling Tunnel Network List Below Network List
DNS Exclude Network List Below Tunnel Network List Below DNS
3 DNS Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Advanced >Split Tunneling Send All DNS lookups through tunnel DNS Names
ASDM Configuration > Remote Access VPN > Network (Client) Access >AnyConnect Connection Profiles > Add/Edit > Group Policy
AnyConnect DNS DNS AnyConnectReceived VPN Session ConfigurationSettings DNSIPv4 DNS IPv6 DNS
DNS DNS ping DNS nslookup dig DNS
DNS
1 ipconfig/all DNS 2 VPN DNS
http://www.cisco.com/en/US/docs/security/asa/asa91/asdm71/vpn/vpn_asdm_setup.html#wp1351696
DNS
ASA
VPN
AnyConnect Strict Certificate Trust
Strict Certificate Trust
AnyConnect
Strict Certificate Trust
Strict Certificate Trust Cisco AnyConnect4.1
AnyConnect (CRL)
CRLCRLWindowsMac OS X CRL
ASA
FQDN FQDN SSL FQDN IP
IPsec SSLDigitalSignature KeyAgreement KeyEncipherment EKU
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1.html
serverAuth SSL IPsec ikeIntermediate IPsecKU EKU
IPsec IPsec
DNS IPIP
OSXShow Expired Certificates()
CN(Change Settings)(Keep Me Safe)
Linux
(Keep Me Safe)
(Change Settings) AnyConnect(Advance) > VPN >(Preferences)
(Block connections to untrusted servers) CA(Certificate Blocked Error Dialog)
VPN (Always trust this VPN server and import thecertificate)
AnyConnect (Advanced) > VPN > (Preferences) (Block connections to untrusted servers) AnyConnect
(Strict Certificate Trust)(Strict Certificate Trust)
(StrictCertificateTrust)CiscoAnyConnect 4.1 AnyConnect
AnyConnect VPN Always On DAP
(Strict Certificate Trust)
AnyConnect
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1.html
AAA ID
URL URL
ASADepartment_OUASA
CA
1 Configuration > Remote Access VPN > Network (Client) Access > AnyConnect ConnectionProfiles Edit Edit AnyConnect Connection Profile
2 Basic Authentication Certificate
3 OK
Cisco AnyConnect (SCEP) AnyConnect IPsec SSL VPN ASA SCEP
SCEPASA (CA) SCEP
CA ASA AnyConnect CA
SCEPAnyConnect CA
CA AnyConnect ASA VPN
AnyConnect 80
SCEP SCEP AnyConnect ASA
1 AAA ASAASA AAA
2 AAA AAA SCEP
3 ASA CA CA
4 SCEP ASA
SCEP
SCEP
SCEP SSL SSL IPsec
SCEP AnyConnect SCEP
1 ASAASA
2 SCEP
3 AAASCEP ASAASA AAA
4 AAA
SCEP 2 Get Certificate CA
CA VPN VPNAAA
5 AAA VPN
6 SCEP 2VPN CA CA
7 SCEP ASA
SCEP
SCEP
(Certificate Expiration Threshold) (Get Certificate)
SCEP
SCEP CA IOS CSWindows Server 2003 CAWindows Server 2008CA
CA
CACA AnyConnect CA SCEPSCEP CA
ASAVPN SCEPWebLaunch AnyConnect SCEP
ASA SCEP
ASACA
ASA
URL URL
ASA Engineering Department_OUASA
ASAaaa.cisco.sceprequiredDAP
Windows
Windows Yes
SCEP
SCEP VPN
1 VPN Certificate Enrollment 2 Certificate Enrollment 3 Certificate ContentsAnyConnect
%machineid%HostScan/Posture
ASA SCEP
SCEP ASA VPN
1 cert_group
General SCEP Forwarding URL CA URL
Advanced > AnyConnect Client Inherit for Client Profiles to Download SCEP ac_vpn_scep_proxy
2 cert_tunnel
AAA
cert_group
Advanced > General Enable SCEP Enrollment for this Connection Profile
Advanced > Group Alias/Group URL (cert_group) URL
SCEP
SCEP VPN
1 VPN Certificate Enrollment 2 Certificate Enrollment 3 Automatic SCEP Host
FQDN IP SCEP asa.cisco.com ASA scep_eng asa.cisco.com/scep-eng
SCEP FQDN IPSCEP
4 CA CA URLfingerprintthumbprint
a) CA URL SCEP CA FQDN IP http://ca01.cisco.com/certsrv/mscep/mscep.dll
b) Prompt For Challenge PWc) CA SHA1MD5
8475B661202E3414D4BB223A464E6AAB8CA123AB
5 Certificate ContentsAnyConnect
%machineid%HostScan/Posture
6 DisplayGet Certificate Button
7 SCEP Certificate EnrollmentSCEPa) Server Listb) Add Editc) 5 6 Automatic SCEP Host Certificate Authority
ASA SCEP
ASA SCEP VPN
1 cert_enroll_group Advanced > AnyConnect Client Inherit for Client Profiles to Download SCEP ac_vpn_legacy_scep
2 cert_auth_group
3 cert_enroll_tunnel
Basic Authentication Method AAA
Basic Default Group Policy cert_enroll_group
Advanced > GroupAlias/Group URL URL (cert_enroll_group)
ASA
4 cert_auth_tunnel
Basic Authentication Method Certificate
Basic Default Group Policy cert_auth_group
ASA
5 GeneralConnection Profile (Tunnel Group) LockSCEP SCEP
SCEP Windows 2008 Windows 2008 SCEP AnyConnect
SCEP
SCEP SCEP
1 (Start) > (Run) regedit (OK)
2 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\EnforcePassword EnforcePassword
3 EnforcePassword 0 REG-DWORD
4 regedit
SCEP
SCEP
1 Server Manager Start > Admin Tools > Server Manager
2 Roles > Certificate Services AD Certificate Services
3 CA Name > Certificate Templates
4 Certificate Templates > Manage 5 Cert Templates Console Duplicate
6 Windows Server 2008 version OK 7 NDES-IPSec-SSL
8
9 Cryptography
10 Subject Name Supply in Request 11 Extensions Application Policies
IP
IP IKE intermediate
IP
IP
SSL IPsec
12 Apply OK 13 Server Manager > Certificate Services-CA Name Certificate Templates New > Certificate Template to Issue NDES-IPSec-SSL OK 14 Start > Run regedit OK 15 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP
16 NDES-IPSec-SSL
EncryptionTemplate
GeneralPurposeTemplate
SignatureTemplate
17 Save
AnyConnectCertificate Expiration ThresholdAnyConnectAnyConnect
RADIUS
1 VPN Certificate Enrollment 2 Certificate Enrollment 3 Certificate Expiration Threshold
AnyConnect
0 0 180
4 OK
AnyConnectAnyConnect
AnyConnectWindowsMac Unix Privacy EnhancedMail (PEM)
1 WindowsWindows 130 VPN AnyConnect
2 WindowsWindows 131 AnyConnect
3 Mac LinuxMac Linux PEM 132
4 Mac Linux VPN
5 133AnyConnect AnyConnect
Windows WindowsVPNAnyConnectAnyConnect
Windows Certificate Store Override AnyConnect
Windows Certificate Store Override
AnyConnect Certificate Store Certificate Store OverrideWindows
AnyConnect Certificate StoreOverride
Certificate Store
AnyConnect AnyConnect
AnyConnect AnyConnect
Machine
AnyConnect AnyConnect
Machine
AnyConnect
1 Certificate Store AnyConnect (All)
All- AnyConnect
Machine - AnyConnectWindows
User - AnyConnect
2 AnyConnect Certificate StoreOverride
Windows AnyConnectSCEPAnyConnect
Windows
1 VPN Preferences (Part 2)
2 Disable Certificate Selection
3 User Controllable Advanced > VPN > Preferences
Mac Linux PEM AnyConnect (PEM)AnyConnect PEM
.pem
.key
client.pem client.key
PEM PEM
PEM
PEM
CA~/.cisco/certificates/ca(1) ~
~/.cisco/certificates/client
~/.cisco/certificates/client/private
PEM /opt/.cisco ~/.cisco
AnyConnect AnyConnect VPN Certificate Matching
AnyConnect 77
KeyUsageAnyConnectVPN Key Usage
DECIPHER_ONLY
ENCIPHER_ONLY
CRL_SIGN
KEY_CERT_SIGN
KEY_AGREEMENT
DATA_ENCIPHERMENT
KEY_ENCIPHERMENT
NON_REPUDIATION
DIGITAL_SIGNATURE
Extended Key Usage AnyConnect (OID)
OID
1.3.6.1.5.5.7.3.1   serverAuth
1.3.6.1.5.5.7.3.2   ClientAuth
1.3.6.1.5.5.7.3.3   CodeSign
1.3.6.1.5.5.7.3.4   EmailProtect
1.3.6.1.5.5.7.3.5   IPSecEndSystem
1.3.6.1.5.5.7.3.6   IPSecTunnel
1.3.6.1.5.5.7.3.7   IPSecUser
1.3.6.1.5.5.7.3.8   TimeStamp
1.3.6.1.5.5.7.3.9   OCSPSign
1.3.6.1.5.5.7.3.10  DVCS
1.3.6.1.5.5.8.2.2   IKE Intermediate
OID 1.3.6.1.5.5.7.3.11 OID OID
Distinguished Name Add
SubjectCommonName      CN
SubjectSurName         SN
SubjectGivenName       GN
SubjectUnstructName    N
SubjectInitials        I
SubjectGenQualifier    GENQ
SubjectDnQualifier     DNQ
SubjectCountry         C
SubjectCity            L
SubjectState           SP
SubjectState           ST
SubjectCompany         O
SubjectDept            OU
SubjectTitle           T
SubjectEmailAddr       EA
DomainComponent        DC
IssuerCommonName       ISSUER-CN
IssuerSurName          ISSUER-SN
IssuerGivenName        ISSUER-GN
IssuerUnstructName     ISSUER-N
IssuerInitials         ISSUER-I
IssuerGenQualifier     ISSUER-GENQ
IssuerDnQualifier      ISSUER-DNQ
IssuerCountry          ISSUER-C
IssuerCity             ISSUER-L
IssuerState            ISSUER-SP
IssuerState            ISSUER-ST
IssuerCompany          ISSUER-O
IssuerDept             ISSUER-OU
IssuerTitle            ISSUER-T
IssuerEmailAddr        ISSUER-EA
IssuerDomainComponent  ISSUER-DC
Distinguished NameDistinguished Name
SDI (SoftID) VPN AnyConnectWindows 7 x8632 x6464 RSA SecurID 1.1
RSA SecurIDRSA SecurID 60 SDI Security Dynamics, Inc.
AnyConnectAnyConnect
SDI AnyConnect PIN RSASecurIDRSA
RSASecurIDPINPINAnyConnect PIN
URLURLURL/()AnyConnect (Network (Client) Access AnyConnect Connection Profiles) (Allow user to select connection)URL
SDIPasscode NTLMPassword 2.1
RSA SecurID PIN RSA SecurID SDIPasscodeEnter ausername and passcode or software token PIN PINPIN PIN RSA SecurID DLL
AnyConnect SDIPIN
Passcode
RSASecureIDIntegration
Automatic - (HardwareToken) PIN (SoftwareToken) SDI
SDI
SDISKIHardwareToken
SoftwareToken - PINPIN:
HardwareToken -Passcode:
AnyConnect RSA RSA SecurID GUI
SDI SDI
SDI
PIN
PIN
SDI
SDI PIN PINSDI RADIUS SDI
SDI SDI
PIN PIN
PIN SDI
PINPINAnyConnectPINPIN
PIN PIN SDI PIN
PIN PIN PIN PIN (00000000) PINRSASDIPIN
SDI PIN PIN SDI PIN RSASDI PIN
PIN
PIN SDI
PIN
PIN
PIN PIN
SDI PIN PIN
PIN SDI PIN PIN
PIN AnyConnect PINPIN 48 PIN
RADIUSPIN PIN
PIN PIN RSA SecurIDDLL RSA SecurID DLL
SDI RADIUS SDI SDI
SDI SDI SDI
RADIUS SDI RADIUS SDI SDI SDI
SDI RADIUS SDI SDI SDIASA SDIAnyConnect
RADIUS SDI SDI SDI
RADIUSASA SDIASA SDIRADIUS AnyConnect SDIASA RADIUS
SDI SDIASA SDI
AnyConnect
ASA RADIUS/SDI ASA SDI RADIUS AnyConnect SDI RADIUS SDI
1 Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles
2 SDI RADIUS Edit
3 Edit AnyConnect Connection Profile Advanced Group Alias / Group URL
4 Enable the display of SecurID messages on the login screen
5 OK
6 Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups
7 Add AAA
8 Edit AAA Server Group AAA OK
9 AAA Server Groups AAA Servers in the Selected Group Add
10 SDIMessage Table ASA
RADIUSRADIUS RADIUS
ASA (ACS) ACS ASA
new PIN new-pin-sup next-ccode-and-reauth new-pin-supnew PIN RADIUSnew PIN with the next card code new-pin-supnext-ccode-and-reauth
RADIUS
PINEnter Next PASSCODEnext-code
PIN PIN PINnew-pin-sup
PIN PINPINnew-pin-meth
PIN PINAlpha-Numerical PIN
new-pin-req
ASA PINPIN
PINnew-pin-reenter
PIN PINnew-pin-sys-ok
PIN PIN
PIN
next-ccode-and-reauth
ASA PIN
PINready - for - sys -PIN
11 OK Apply Save
5
2 2
Mac OS X Linux AnyConnect ISE AnyConnect ISE
Cisco AnyConnect
(IEEE 802.3) (IEEE 802.11)
Windows 7 (3G)MicrosoftAPIWAN
Windows
Windows
IEEE 802.1X
IEEE MACsec
EAP
EAP-FASTPEAPEAP-TTLSEAP-TLS LEAPEAP-MD5EAP-GTCIEEE 802.3 EAP-MSCHAPv2
EAP
PEAP - EAP-GTCEAP-MSCHAPv2 EAP-TLS
EAP-TTLS - EAP-MD5 EAP-MSCHAPv2PAPCHAPMSCHAPMSCHAPv2
EAP-FAST - GTCEAP-MSCHAPv2 EAP-TLS
-WEPWEPTKIP AES
- WPAWPA2/802.11i
AnyConnect
WindowsMicrosoft CAPI 1.0 CAPI 2.0 (CNG)
WindowsECDSA (SSO)ECDSA
B FIPS FIPS
ACS ISE Suite B OpenSSL 1.x FreeRADIUS 2.x Suite BMicrosoftNPS 2008 Suite BNPS RSA
802.1X/EAP Suite B RFC 5430 TLS 1.2
MACsecWindows 7 FIPS
Windows 7 Elliptic Curve Diffie-Hellman (ECDH)
Windows 7 ECDSA
Windows 7 ECDSA CA
Windows 7 ECDSA CAPEM
Windows 7 ECDSA
Microsoft Windows Cisco AnyConnectAnyConnect
Windows
Windows
RDP
user/example [email protected]
PIN
Windows EnforceSingleLogon
Windows EnforceSingleLogon OverlayIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\CredentialProviders\{B12744B8-5BB7-463a-B85E-BB7627E7