для Cisco Cisco ScanSafe Wi-Fi Hotspot Security
Cisco CWS
– AnyConnect Web Security Deployment Guide
15
Test
Deploy
Prepare
Step 19:
Click Add ACE. Action should be bulleted on Permit. Address should be the inside network
or the object representing the LAN VPN clients should have access to.
Step 20:
Select the object. Click Address. Click OK through each of the three dialog boxes.
Step 21:
Now click on the AnyConnect Client branch. Click on the drop down list for optional client
Modules to download.
Step 22:
Select AnyConnect DART and AnyConnect Web Security. Click OK. Under client profiles to
download, click Add. Change profile name to the web security service profile and click OK.
Step 23:
Expand the AnyConnect Client branch and select Log-in Setting. Ensure that Do not prompt
user to choose and Download AnyConnect Client are bulleted. Click OK. Click Apply.
Step 24:
To prevent end-users from disabling the AnyConnect Web Security service, lockdown mode
should be applied. To achieve this, expand the AnyConnect Customization/Localization branch.
Step 25:
Select Customized Installer Transforms. You have already downloaded a copy of simple
Step 26:
Enter a friendly name in the name field. Make sure the leading character is an underscore.
Example: _anyconnect-win-lockdown. This will tell the ASA to apply the transform to all AnyConnect
modules. The platform should be win.
modules. The platform should be win.
Figure 2.12
Step 27:
Bullet the location where the lockdown transform is saved. In this case it is the ASA Flash
file system.
Step 28:
Click Browse Flash. Select the transform file. Click OK. Click Import Now. Click OK.
Step 29:
Now that AnyConnect has been configured, log on to a Windows client that already has the
AnyConnect VPN installed.
*Note: in this scenario, the log on does not require administrator privileges to update the AnyConnect
Secure Mobility client with web security.
Secure Mobility client with web security.
Step 30:
Connect to the ASA using the AnyConnect VPN client to initiate the installation of
AnyConnect Web Security.
*Note: the AnyConnect UI may not reflect that the AnyConnect Web Security module is active.