75-7
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter75 Configuring AnyConnect VPN Client Connections
Configuring AnyConnect Connections
Enabling Permanent Client Installation
Enabling permanent client installation disables the automatic uninstalling feature of the client. The client
remains installed on the remote computer for subsequent connections, reducing the connection time for
the remote user.
Note AnyConnect versions 3.0 and later do no support permanent client installation. The CLI is still available
to support older versions of AnyConnect.
To enable permanent client installation for a specific group or user, use the anyconnectkeep-installer
command from group-policy or username webvpn modes:
Step4 ip local pool poolname startaddr-endaddr
mask mask
Example:
hostname(config)# ip local pool vpn_users
209.165.200.225-209.165.200.254
mask 255.255.255.224
(Optional) Creates an address pool. You can use another method
of address assignment, such as DHCP and/or user-assigned
addressing.
Step5 address-pool poolname
Example:
hostname(config)# tunnel-group
telecommuters general-attributes
hostname(config-tunnel-general)#
address-pool vpn_users
Assigns an address pool to a tunnel group.
Step6 default-group-policy name
Example:
hostname(config-tunnel-general)#
default-group-policy sales
Assigns a default group policy to the tunnel group.
Step7 group-alias name enable
Example:
hostname(config)# tunnel-group
telecommuters webvpn-attributes
hostname(config-tunnel-webvpn)#
group-alias sales_department enable
Enables the display of the tunnel-group list on the clientless portal
and AnyConnect GUI login page. The list of aliases is defined by
the group-alias name enable command.
Step8 tunnel-group-list enable
Example:
hostname(config)# webvpn
hostname(config-webvpn)# tunnel-group-list
enable
Specifies the AnyConnect client as a permitted VPN tunneling
protocol for the group or user.
Step9 vpn-tunnel-protocol
Example:
hostname(config)# group-policy sales
attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)#
vpn-tunnel-protocol
Specifies SSL as a permitted VPN tunneling protocol for the
group or user. You can also specify additional protocols. For more
information, see the vpn-tunnel-protocol command in the Cisco
ASA 5500 Series Command Reference.
For more information about assigning users to group policies, see
Chapter 6, Configuring Connection Profiles, Group Policies, and
Users.
Command Purpose