Cisco ScanSafe Secure Mobility
Cisco CWS – AnyConnect Web Security Deployment Guide
Step 5:
Click on AnyConnect Client Profile. Note there is an existing service profile for the VPN client
configuration.
Step 6:
Click on AnyConnect Connection Profiles. Note that AnyConnect Secure Mobility VPN client
access has been enabled for the outside interface only.
Step 7:
Edit the default connection profile or create a new one as necessary.
Step 8:
Assign a VPN address pool and assign a default group policy.
Step 9:
Select AnyConnect Client Profile. Click Add.
Step 10:
Supply a friendly name under the profile name field such as websecurity_serviceprofile.
Change profile usage to Web Security.
Step 11:
Under Group Policy, select the group policy which appeared under the connection profile. In
this case it is Default Group Policy. Click OK.
Step 12:
To configure the service policy, click Edit. See Create an AnyConnect Web Security service
profile for reference. It is the same process as creating an AnyConnect Web Security service profile
using the stand-alone Profile Editor.
Step 13:
Click OK. The service profile configuration is saved in the Web Security service profile
defined in Step 12.
Step 14:
Once the web security service profile has been configured, click Apply. Click on Group
Policies.
Step 15:
Edit the Group Policy. In this case, it is the default policy. Under the General branch, expand
More Options. Only enable the tunneling protocols that should be used. In this case, check SSL VPN
Client.
Figure 2.11
Step 16:
Expand Advanced and select Split Tunneling. Notice that a full tunnel configuration is used.
This would be typical for a VPN client without web security.
Step 17:
Break the full tunnel by configuring a split tunnel. Set the policy to Tunnel Network List
Below. Click Manage.
Step 18:
Under the Standard ACL tab, click Add ACL. Provide a friendly name for the ACL such as
‘Protected network.’ Click OK.
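The group-policy settings made in Steps 10 through 17 can be checked afterwards against the ASA running configuration. The script below is an added example, not part of the Cisco guide: it parses a constructed excerpt in the style of `show running-config group-policy` and reports policies that allow extra tunneling protocols, still use a full tunnel, or have no Web Security client profile. The policy name `LegacyPolicy`, the ACL name `Protected_network` and the keyword spelling (`ssl-client`, `anyconnect profiles`, as used by newer ASA releases) are assumptions.

```python
import re
# Constructed sample in the style of `show running-config group-policy`.
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Protected_network
 webvpn
  anyconnect profiles value websecurity_serviceprofile type websecurity
group-policy LegacyPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
 split-tunnel-policy tunnelall
"""

def parse_group_policies(config):
    """Collect the settings from Steps 10-17 for each group policy."""
    policies, current = {}, None
    for line in config.splitlines():
        header = re.match(r"group-policy (\S+) attributes", line)
        words = line.split()
        if header:
            current = policies.setdefault(header.group(1), {"protocols": set(),
                "split_policy": None, "network_list": None, "websecurity": None})
        elif not line.startswith(" "):
            current = None  # an unindented line ends the group-policy block
        elif current is None or len(words) < 2:
            continue
        elif words[0] == "vpn-tunnel-protocol":
            current["protocols"] = set(words[1:])
        elif words[0] == "split-tunnel-policy":
            current["split_policy"] = words[1]
        elif words[:2] == ["split-tunnel-network-list", "value"] and len(words) == 3:
            current["network_list"] = words[2]
        elif words[:3] == ["anyconnect", "profiles", "value"] and words[4:] == ["type", "websecurity"]:
            current["websecurity"] = words[3]
    return policies

def audit(policies, allowed=frozenset({"ssl-client"})):
    """Return {policy name: [findings]}; an empty list means no deviation."""
    report = {}
    for name, p in policies.items():
        extra = sorted(p["protocols"] - allowed)
        findings = ["extra tunneling protocols: " + ", ".join(extra)] if extra else []
        if p["split_policy"] != "tunnelspecified":
            findings.append(f"split-tunnel-policy is {p['split_policy']}")
        elif not p["network_list"]:
            findings.append("no split-tunnel network list")
        if not p["websecurity"]:
            findings.append("no Web Security client profile")
        report[name] = findings
    return report
```

Call `audit(parse_group_policies(text))` on saved configuration text; a policy with no explicit `split-tunnel-policy` line is reported as `None`, since the value it inherits is not visible in that block.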