Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Writing, Testing, and Deploying Scripts

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter72 Configuring Clientless SSL VPN

Customizing the AnyConnect Client

Writing, Testing, and Deploying Scripts

Deploy AnyConnect scripts as follows:

Restrictions

•Scripts written on Microsoft Windows computers have different line endings than scripts written on

Mac OS and Linux. Therefore, you should write and test the script on the targeted OS. If a script

cannot run properly from the command line on the native OS, AnyConnect cannot run it properly

•Microsoft Windows Mobile does not support this option. You must deploy scripts using the manual

method for this OS.

Step1 Write and test the script using the OS type on which it will run when AnyConnect launches it.

Step2 To import a script, go to Network (Client) Access > AnyConnect Customization/Localization >

Script. The Customization Scripts pane displays.

Step3 Enter a name for the script. Be sure to specify the correct extension with the name. For example,

myscript.bat.

Step4 Choose a script action: Script runs when client connects or Script runs when client disconnects.

AnyConnect adds the prefix scripts_ and the prefix OnConnect or OnDisconnect to your filename to

identify the file as a script on the ASA. When the client connects, the ASA downloads the script to the

proper target directory on the remote computer, removing the scripts_ prefix and leaving the remaining

OnConnect or OnDisconnect prefix. For example, if you import the script myscript.bat, the script

appears on the ASA as scripts_OnConnect_myscript.bat. On the remote computer, the script appears as

OnConnect_myscript.bat.

To ensure the scripts run reliably, configure all ASAs to deploy the same scripts. If you want to modify

or replace a script, use the same name as the previous version and assign the replacement script to all of

the ASAs that the users might connect to. When the user connects, the new script overwrites the one with

the same name.

Step5 Select a file as the source of the script. The name does not need to be the same as the name you provided

for the script. ASDM imports the file from any source file, creating the new name you specify for Name

Table72-16 shows the locations of scripts on the remote computer:

Step6 Click Import to launch the Import AnyConnect Customization Objects dialog, where you can specify a

file to import as an object.

Table72-16 Required Script Locations

OS Directory

Microsoft Windows 7 and Vista %ALLUSERPROFILE%\Cisco\Cisco AnyConnect VPN Client\Scripts

Microsoft Windows XP %ALLUSERPROFILE%\Application Data\Cisco\Cisco AnyConnect VPN Client\

Linux /opt/cisco/vpn/scripts

Note Assign execute permissions to the file for User, Group and Other.

Mac OS X /opt/cisco/vpn/scripts

Windows Mobile %PROGRAMFILES%\Cisco AnyConnect VPN Client\Scripts

Contents

Cisco Systems Writing, Testing, and Deploying Scripts