CHAPTER
 
2-1
Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
2
Common AnyConnect VPN Client Installation and 
Configuration Procedures
Installing the AnyConnect Client
The installation and configuration consists of two parts: what you have to do on the security appliance 
and what you have to do on the remote PC. The AnyConnect client software part of the ASA Release 
8.0(1) and later and ASDM Release 6.0 and later. You can decide whether to make the AnyConnect client 
software permanently resident on the remote PC, or whether to have it resident only for the duration of 
the connection.
This chapter contains procedures for installing the AnyConnect client software on the ASA5500 using 
the A
daptive Security Device Manager (ASDM) or the CLI command interf
ace. It also describes how to 
install the AnyConnect client on a user’s PC and how to enable AnyConnect client features after 
installation.
WebLaunch Mode
Without a previously-installed client, remote users enter into their browser the IP address or DNS name 
of an interface configured to accept clientless SSL VPN connections. Unless the security appliance is 
configured to redirect http:// requests to https://, users must enter the URL in the form https://<address>.
Note A user with a clientless SSL VPN connection can switch to an AnyConnect client SSL VPN connection 
by clicking the AnyConnect drawer on the portal and following the instructions on that page.
After the user enters the URL, the browser connects to that interface and displays the login screen. If the 
user satisfies the login and authentication, and the security appliance identifies the user as requiring the 
client, it loads the client that matches the operating system of the remote computer. After loading, the 
client installs and configures itself, establishes a secure SSL connection and either remains or uninstalls 
itself (depending on the security appliance configuration) when the connection terminates.
Standalone Mode
In the case of a previously-installed client, when the user authenticates, the security appliance examines 
the revision of the client, and upgrades the client as necessary.
When the client negotiates an SSL VPN connection wi
th the security appliance, it connects using 
Transport Layer Security (TLS). The client can also negotiate a simultaneous Datagram Transport Layer 
Security (DTLS) connection. DTLS avoids latency and bandwidth problems associated with some SSL 
connections and improves the performance of real-time applications that are sensitive to packet delays.