70-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 70 Using Image Manager
Getting Started with Image Manager
AnyConnect Client Profile files
DAP Configuration XML
Full Customization XML files
After the SSL VPN images have been copied to the device using Image Manager, the remote access VPN
policies must be configured in Configuration Manager to make use of these images. The Remote Access
VPN policies that must be configured are located at the following paths in Configuration Manager:
CSD Package—Remote Access VPN > Dynamic Access > Cisco Secure Desktop group box
HostScan Package—Remote Access VPN > Dynamic Access > Cisco Secure Desktop group box
Anyconnect Image—Remote Access VPN > SSL VPN > Other Settings > Client Settings tab
Plug-ins—Remote Access VPN > SSL VPN > Other Settings > Plug-in tab
The SSL VPN binary files must be present on the device flash before you reference them in VPN policy.
If not, Security Manager will present an activity validation warning informing the user of the preference
to use Image Manager to push these files reliably to the device before deploying the configuration. If the
user ignores the activation warning and goes ahead, Configuration Manager defaults to the old behavior
and pushes the images or files as was done in the earlier versions of Security Manager before deploying
the configuration referring to these files. But the user cannot leverage the following advantages of using
Image Manager for copying these files:
1. Capability to use external disks like disk1 to copy the files. Configuration Manager only copies the
files to disk0 and does not recognize or support external disks.
2. Image Manager preempts errors during the image copy by validating that there is enough free space
on the disk to copy the selected images and does not allow creation of a job unless there is sufficient
space is to copy the images. User can make space by using the Image Manager to delete unwanted
images.
Note Image Manager does not validate the compatibility of the SSL VPN files that are pushed to the ASA.
But Configuration Manager will complain when incompatible files are referenced in the Remote Access
VPN policies.
Administrative Settings for Image Manager
Image Manager introduces new administrative settings. These administrative settings must be configured
as part of Configuration Manager.
Configuring Cisco.com Certificates
Beginning with version 4.4, Security Manager has a certificate trust management feature. This feature
helps you with improved handling of Cisco.com certificates. For detailed documentation of this feature,
refer to Certificate Trust Management, page 10-17.
To configure administrative settings for Image Manager, do the following:
Step 1 Go to Configuration Manager > Tools > Security Manager Administration.
The Cisco Security Manager - Administration page appears.
Step 2 Configure workflow settings: