1-12
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring AnyConnect VPN Client Connections
  Configuring AnyConnect Connections
Enabling Permanent Client Installation
Enabling permanent client installation disables the automatic uninstalling feature of the client. The client 
remains installed on the remote computer for subsequent connections, reducing the connection time for 
the remote user.
To enable permanent client installation for a specific group or user, use the anyconnect keep-installer 
command from group-policy or username webvpn modes:
anyconnect keep-installer installer
The default is that permanent installation of the client is enabled. The client remains on the remote 
computer at the end of the session. The following example configures the existing group-policy sales to 
remove the client on the remote computer at the end of the session:
hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-policy)# anyconnect keep-installer installed none
Step 5
address-pool poolname
Example:
hostname(config)# tunnel-group 
telecommuters general-attributes
hostname(config-tunnel-general)# 
address-pool vpn_users
Assigns an address pool to a tunnel group.
Step 6
default-group-policy name
Example:
hostname(config-tunnel-general)# 
default-group-policy sales
Assigns a default group policy to the tunnel group.
Step 7
group-alias name enable
Example:
hostname(config)# tunnel-group 
telecommuters webvpn-attributes
hostname(config-tunnel-webvpn)# 
group-alias sales_department enable
Enables the display of the tunnel-group list on the clientless portal 
and AnyConnect GUI login page. The list of aliases is defined by 
the group-alias name enable command.
Step 8
tunnel-group-list enable
Example:
hostname(config)# webvpn
hostname(config-webvpn)# tunnel-group-list 
enable
Specifies the AnyConnect clients as a permitted VPN tunneling 
protocol for the group or user.
Step 9
vpn-tunnel-protocol 
Example:
hostname(config)# group-policy sales 
attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# 
vpn-tunnel-protocol 
Specifies SSL as a permitted VPN tunneling protocol for the 
group or user. You can also specify additional protocols. For more 
information, see the vpn-tunnel-protocol command in the Cisco 
ASA 5500 Series Command Reference.
For more information about assigning users to group policies, see 
Chapter 6, Configuring Connection Profiles, Group Policies, and 
Users.
Command Purpose