67-88
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67 Clientless SSL VPN
Customizing the AnyConnect Client
• Logging on to a service upon VPN connection, and logging off after disconnection.
For complete information about customizing the AnyConnect GUI and creating and deploying scripts,
see the AnyConnect VPN Client Administrator Guide.
The following sections describe how to import binary executables and scripts to the adaptive security
appliance:
• Importing your own GUI as a Binary Executable, page 67-90
• Importing Scripts, page 67-91
Importing your own GUI as a Binary Executable
For Windows, Linux, or Mac (PPC or Intel-based) computers, you can deploy your own client that uses
the AnyConnect client API. You replace the AnyConnect GUI or the AnyConnect CLI by replacing the
client binary files. Table 67-11 lists the filenames of the client executable files for the different operating
systems.
Your executable can call any resource files, such as logo images, that you import to the adaptive security
appliance (see Table 67-11). Unlike replacing the pre-defined GUI components, when you deploy your
own executable, you can use any filenames for your resource files.
We recommend that you sign your custom Windows client binaries (either GUI or CLI version) that you
import to the adaptive security appliance. A signed binary has a wider range of functionality available
to it. If the binaries are not signed, the following functionality is affected:
• Web-Launch—The clientless portal is available and the user can authenticate. However, tunnel
establishment does not work as expected. With an unsigned GUI, the client does not start as part of
the clientless connection attempt, and once it detects this condition, it aborts the connection
attempt.
• SBL—The Start Before Logon feature requires that the client GUI used to prompt for user
credentials be signed. If it is not, the GUI does not start. Because SBL is not supported for the CLI
program, this affects only the GUI binary file.
• Auto Upgrade—During the upgrade to a newer version of the client, the old GUI exits, and after the
new GUI installs, the new GUI starts. The new GUI does not start unless it is signed. As with
Web-Launch, the VPN connection terminates if the GUI is not signed. However, the upgraded client
remains installed.
Note: The adaptive security appliance does not support this feature for the AnyConnect VPN client, Versions
2.0 and 2.1. For more information on manually customizing the client, see the AnyConnect VPN Client
Administrator Guide and the Release Notes for Cisco AnyConnect VPN Client.
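The following pre-import check is an added example, not part of Cisco's guide: it reports whether each custom Windows binary (vpnui.exe, vpncli.exe) carries an embedded signature by reading the PE certificate table. It assumes "signed" means an embedded Authenticode signature; the function names and the sample bytes are constructed for illustration.

```python
import struct

SECURITY_DIR = 4                 # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)
PKCS_SIGNED_DATA = 0x0002        # WIN_CERT_TYPE_PKCS_SIGNED_DATA

def signature_blob(data: bytes):
    """Return (file_offset, size) of the signature, None if unsigned; ValueError if not PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 24                    # PE signature (4) + COFF header (20)
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):      # PE32 / PE32+
            raise ValueError("unknown optional-header magic")
        dirs = opt + (96 if magic == 0x10B else 112)
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= SECURITY_DIR:
            return None
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
        if off == 0 or size == 0:
            return None                      # empty certificate table: unsigned
        length, _rev, kind = struct.unpack_from("<IHH", data, off)
    except struct.error as exc:
        raise ValueError(f"truncated PE image: {exc}") from None
    if off + size > len(data) or length > size or kind != PKCS_SIGNED_DATA:
        raise ValueError("malformed certificate table")
    return off, size

def import_readiness(files: dict) -> dict:
    """Map each filename to 'signed', 'unsigned' or 'invalid: <reason>'."""
    report = {}
    for name, data in files.items():
        try:
            report[name] = "signed" if signature_blob(data) else "unsigned"
        except ValueError as exc:
            report[name] = f"invalid: {exc}"
    return report

def constructed_pe(signed: bool) -> bytes:
    """Constructed sample: bare PE32 headers only, not a runnable program."""
    head = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
            + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
            + struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16))
    cert = (struct.pack("<IHH", 16, 0x0200, PKCS_SIGNED_DATA) + b"\0" * 8) if signed else b""
    entry = struct.pack("<II", (len(head) + 128) if signed else 0, len(cert))
    return head + b"\0" * 32 + entry + b"\0" * 88 + cert
```

A populated certificate table does not prove the signature is valid or trusted; confirm that on a Windows host, for example with Get-AuthenticodeSignature.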
Table 67-11 Filenames of Client Executables

Client OS    Client GUI File      Client CLI File
Windows      vpnui.exe            vpncli.exe
Linux        vpnui                vpn
Mac          Not supported (1)    vpn

1. Not supported by adaptive security appliance deployment. However, you can deploy an
executable for the Mac that replaces the client GUI using other means, such as
Altiris Agent.