67-89
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 67 Clientless SSL VPN
Customizing the AnyConnect Client
Importing Scripts
AnyConnect lets you download and run scripts when the following events occur:
• Upon the establishment of a new AnyConnect client VPN session with the security appliance. We
refer to a script triggered by this event as an OnConnect script because it requires this filename
prefix.
• Upon the tear-down of an AnyConnect client VPN session with the security appliance. We refer to
a script triggered by this event as an OnDisconnect script because it requires this filename prefix.
Thus, the establishment of a new AnyConnect VPN session initiated by Trusted Network Detection
triggers the OnConnect script (assuming the requirements are satisfied to run the script). The
reconnection of a persistent AnyConnect VPN session after a network disruption does not trigger the
OnConnect script.
These instructions assume you know how to write scripts and run them from the command line of the
targeted endpoint to test them.
Note The AnyConnect software download site provides some example scripts; if you examine them, please
remember that they are only examples; they may not satisfy the local computer requirements for running
them, and are unlikely to be usable without customizing them for your network and user needs. Cisco
does not support example scripts or customer-written scripts.
For complete information about deploying scripts, and their limitations and restrictions, see the
AnyConnect VPN Client Administrators Guide.
Writing, Testing, and Deploying Scripts
Deploy AnyConnect scripts as follows:
Step 1 Write and test the script using the OS type on which it will run when AnyConnect launches it.
Note Scripts written on Microsoft Windows computers have different line endings than scripts written
on Mac OS and Linux. Therefore, you should write and test the script on the targeted OS. If a
script cannot run properly from the command line on the native OS, AnyConnect cannot run it
properly either.
Step 2 To import a script, go to Network (Client) Access > AnyConnect Customization/Localization >
Script. The Customization Scripts pane displays.
Note Microsoft Windows Mobile does not support this option. You must deploy scripts using the
manual method for this OS.
Step 3 Enter a name for the script. Be sure to specify the correct extention with the name. For example,
myscript.bat.
Step 4 Choose a script action: Script runs when client connects or Script runs when client disconnects.
AnyConnect adds the prefix scripts_ and the prefix OnConnect or OnDisconnect to your filename to
identify the file as a script on the adaptive security appliance. When the client connects, the adaptive
security appliance downloads the script to the proper target directory on the remote computer, removing
the scripts_ prefix and leaving the remaining OnConnect or OnDisconnect prefix. For example, if you
To Next Page
Loading...
Need help?
General
