Cisco Cisco AnyConnect Secure Mobility Client v2.x Technical Manual

Is configured from remote SSL VPN access using ISE as AAA server. Radius CoA along with
REDIRECT ACL needs to be configured:

aaa-server ISE20 protocol radius

aaa-server ISE20 (inside) host 10.48.17.235

 key cisco

tunnel-group TAC type remote-access

tunnel-group TAC general-attributes

 address-pool POOL

 default-group-policy AllProtocols

tunnel-group TAC webvpn-attributes

 group-alias TAC enable

group-policy AllProtocols internal

group-policy AllProtocols attributes

 vpn-tunnel-protocol ikev1 ikev2 ssl-client ssl-clientless

webvpn

 enable outside

 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1

 anyconnect enable

 tunnel-group-list enable

 error-recovery disable

access-list REDIRECT extended deny udp any any eq domain

access-list REDIRECT extended deny ip any host 10.48.17.235

access-list REDIRECT extended deny icmp any any

access-list REDIRECT extended permit tcp any any eq www

ip local pool POOL 172.16.31.10-172.16.31.20 mask 255.255.255.0

For more details please refer to:

From Control Panel -> System and Security -> BitLocker Drive Encryption enable E: partition
encryption. Protect it by password (PIN).