7-12
Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
Chapter 7      Configuring and Using AnyConnect Client Operating Modes and User Profiles
Configuring Profile Attributes
You must also specify on the security appliance that you want to allow SBL (or any other modules for 
additional features). For a description of how to do this, see Enabling Modules for Additional 
AnyConnect Features, page 5-5 (ASDM) or Enabling Modules for Additional AnyConnect Features, 
page 6-4 (CLI).
Configuring the ServerList Attribute
One of the main uses of the profile is to supply the client user with a list of hosts to which they can 
connect. The user then selects the appropriate server. This server list consists of host name and host 
address pairs. The host name can be an alias used to refer to the host, an FQDN, or an IP address. If an 
FQDN or IP address is used, a HostAddress element is not required. In establishing a connection, the 
host address is used as the connection address if it is supplied. This allows the host name to be an alias 
or other name that need not be directly tied to a network addressable host. If no host address is 
supplied, the connection attempt tries to connect to the host name.
As part of the definition of the server list, a default server can be specified. This default server is 
identified as such the first time a user attempts a connection using the client. If a user connects to a 
server other than the default, the selected server becomes the new default for that user. The user 
selection does not alter the contents of the profile. Instead, the user selection is entered into the user 
preferences.
<?xml version="1.0" encoding="UTF-8" ?>
<Configuration>
  <ServerList>
    <HostEntry>
      <HostName>MarketingASA01</HostName>
      <HostAddress>209.165.200.224</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>EngineeringASA01</HostName>
      <HostAddress>209.165.200.225</HostAddress>
    </HostEntry>
  </ServerList>
</Configuration>
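The connection-address rule described above, as an added example that is not part of the Cisco guide: a Python check that parses a profile's ServerList and reports the address each entry actually connects to. The profile text is constructed; the vpn.example.com and SalesASA01 entries, the ip/fqdn/alias classification, and treating an empty HostAddress as not supplied are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample profile: the two entries from the guide plus two
# hypothetical entries that omit HostAddress (one FQDN, one bare alias).
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
  <ServerList>
    <HostEntry><HostName>MarketingASA01</HostName><HostAddress>209.165.200.224</HostAddress></HostEntry>
    <HostEntry><HostName>EngineeringASA01</HostName><HostAddress>209.165.200.225</HostAddress></HostEntry>
    <HostEntry><HostName>vpn.example.com</HostName></HostEntry>
    <HostEntry><HostName>SalesASA01</HostName></HostEntry>
  </ServerList>
</Configuration>"""


def target_kind(value):
    """Classify a target as 'ip', 'fqdn' (has a dot) or 'alias' (heuristic, assumed)."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "fqdn" if "." in value.strip(".") else "alias"


def resolve_server_list(profile_xml):
    """Return (display_name, connection_target, kind, source) for each HostEntry."""
    root = ET.fromstring(profile_xml)
    resolved = []
    for entry in root.iter("HostEntry"):
        name = (entry.findtext("HostName") or "").strip()
        # Assumption: an empty or whitespace-only HostAddress counts as not supplied.
        address = (entry.findtext("HostAddress") or "").strip()
        # HostAddress is the connection address when supplied; otherwise HostName is tried.
        target, source = (address, "HostAddress") if address else (name, "HostName")
        resolved.append((name, target, target_kind(target), source))
    return resolved


if __name__ == "__main__":
    for name, target, kind, source in resolve_server_list(SAMPLE_PROFILE):
        note = "  <-- alias with no HostAddress" if kind == "alias" else ""
        print(f"{name:18} -> {target:18} ({kind}, from {source}){note}")
```

An entry flagged as an alias with no HostAddress is one where the connection target depends entirely on how the endpoint resolves that name, so it is worth reviewing when auditing a distributed profile.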
Configuring the Certificate Match Attribute
The AnyConnect client supports the following certificate match types. Some or all of these may be used 
for client certificate matching. Certificate matching criteria are global and can be set in an AnyConnect 
profile. The criteria are:
  • Key Usage
  • Extended Key Usage
  • Distinguished Name
Certificate Key Usage Matching
Certificate key usage offers a set of constraints on the broad types of operations that can be performed 
with a given certificate. The supported set includes:
  • DIGITAL_SIGNATURE
  • NON_REPUDIATION
  • KEY_ENCIPHERMENT