Cisco Cisco AnyConnect Secure Mobility Client v4.x Technical Manual
The information in this document is based on these software and hardware versions:
Microsoft Windows 7
●
Cisco WLC Version 7.6 and Later
●
Cisco ISE Software, Versions 1.3 and Later
●
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.
Topology and Flow
Here is the flow:
Step 1. Corporate user acceses Service Set Identifier (SSID): Provisioning. Performs 802.1x
authentication with Extensible Authentication Protocol-Protected EAP (EAP-PEAP). The
Provisioning authorization rule is encountered on ISE and the user is redirected for AnyConnect
Provisioning (via the Client Provisioning Protal). If AnyConnect is not detected on the machine, all
configured modules are installed (VPN, NAM, Posture). Along with that profile, the configuration
for each module is pushed.
authentication with Extensible Authentication Protocol-Protected EAP (EAP-PEAP). The
Provisioning authorization rule is encountered on ISE and the user is redirected for AnyConnect
Provisioning (via the Client Provisioning Protal). If AnyConnect is not detected on the machine, all
configured modules are installed (VPN, NAM, Posture). Along with that profile, the configuration
for each module is pushed.
Step 2. Once AnyConnect is installed, the user must reboot the PC. After the reboot, AnyConnect