Cisco Cisco ASA 5555-X Adaptive Security Appliance - No Payload Encryption
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
4. Session: Enhance the connection experience after establishing the VPN.
We will discuss various administrative configuration best practices for each of the four stages.
Note: All of the ASA and AnyConnect VPN features we discuss are applicable to other applications. However,
administrators who wish to manage Jabber-specific VPN session parameters separately should create separate
ASA connection profiles (also known as tunnel groups), group policies, and AnyConnect client profiles as needed.
Installing the Applications
iOS and Android Devices
Option 1: End users can manually download the Cisco AnyConnect and Cisco Jabber apps at no cost from the
respective Apple App Store or Google Play. Administrators can also host an internal web page with links that
redirect the user to the respective app stores.
Option 2: Enterprises can take advantage of the Mobile Device Manager (MDM) software to push the two
applications after device registration.
Windows and Mac OS X
Option 1: Administrators can use System Center Configuration Manager (SCCM) to push the Cisco AnyConnect
and Jabber applications to the laptops.
Option 2: AnyConnect can be downloaded and installed from a web portal hosted by the Cisco ASA. [13]
Note: The initial installation of AnyConnect through web download (WebLaunch) requires administrative
privileges on the endpoint.
Provisioning the AnyConnect VPN Profiles
After the apps are downloaded, they have to be provisioned with the configuration profile. The AnyConnect client
profile includes VPN policies such as a list of all the company ASA VPN gateways, connection protocol (IPsec or
SSL), on-demand policies, etc.
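An added example, not from the original document: a short Python check an administrator could run over a client profile before publishing it, listing the gateways and connection protocol the profile would hand to clients and flagging entries outside the company domain. The sample profile, host names and allowed domain are constructed, and the element names (ServerList, HostEntry, HostAddress, PrimaryProtocol), the namespace and the SSL default are assumptions to verify against the schema shipped with your Profile Editor.

```python
import xml.etree.ElementTree as ET

# Namespace assumed for AnyConnect client profile files.
NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}

# Constructed sample profile; names and addresses are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ServerList>
    <HostEntry>
      <HostName>HQ gateway</HostName>
      <HostAddress>vpn1.example.com</HostAddress>
      <PrimaryProtocol>IPsec</PrimaryProtocol>
    </HostEntry>
    <HostEntry>
      <HostName>Branch gateway</HostName>
      <HostAddress>vpn2.example.com</HostAddress>
    </HostEntry>
    <HostEntry>
      <HostName>Test box</HostName>
      <HostAddress>203.0.113.10</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def list_gateways(profile_xml):
    """Return (name, address, protocol) for every HostEntry in the profile."""
    root = ET.fromstring(profile_xml)
    gateways = []
    for entry in root.findall("ac:ServerList/ac:HostEntry", NS):
        name = entry.findtext("ac:HostName", default="", namespaces=NS).strip()
        addr = entry.findtext("ac:HostAddress", default="", namespaces=NS).strip()
        # Assumption: an entry without PrimaryProtocol connects over SSL.
        proto = entry.findtext("ac:PrimaryProtocol", default="SSL", namespaces=NS).strip()
        gateways.append((name, addr, proto or "SSL"))
    return gateways


def audit(profile_xml, allowed_suffix, required_protocol=None):
    """Flag gateways outside the company domain or not using the required protocol."""
    findings = []
    for name, addr, proto in list_gateways(profile_xml):
        if not addr.lower().endswith("." + allowed_suffix.lower()):
            findings.append((name, "address %s is outside %s" % (addr, allowed_suffix)))
        if required_protocol and proto != required_protocol:
            findings.append((name, "protocol %s, expected %s" % (proto, required_protocol)))
    return findings
```

Calling `audit(SAMPLE_PROFILE, "example.com", required_protocol="IPsec")` reports the bare-IP entry and the two entries that would fall back to SSL.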
Provision VPN Profiles on ASA [14] - Preferred Method
The ASDM includes a profile editor that can be used to define the VPN profile. The VPN profile will be downloaded
to the AnyConnect client after the VPN connection is established for the first time. This auto-download option is the
preferred method, as it can be used for all the devices and OS types and can be managed centrally on the ASA.
Note: On Windows, the VPN profile can also be deployed as part of a SCCM push of the AnyConnect client.
iOS Devices Using Apple Configuration Profiles - Alternative Method
Many enterprises provisioning iOS devices would like to take advantage of the Apple configuration profiles. The
Apple configuration profiles are XML files that contain device security policies, VPN configuration information, Wi-Fi
settings, mail and calendar settings, etc.
[13] WebLaunch:
[14] AnyConnect Profile Editor: