Cisco 5505 Administration Guide - Page 100
Cisco AnyConnect VPN Client Administrator Guide, OL-12950-012, Appendix
UPC - 882658082252
View all Cisco 5505 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 100 highlights
Sample AnyConnect Profile Appendix A Sample AnyConnect Profile and XML Schema The ClientInitialization section represents global settings for the client. In some cases (e.g. BackupServerList) host specific overrides are possible. --> false pinAllowed Non_Repudiation Digital_Signature ClientAuth ServerAuth 1.3.6.1.5.5.7.3.11 CN ASASecurity L Boulder
A-2
Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
Appendix A
Sample AnyConnect Profile and XML Schema
Sample AnyConnect Profile
The ClientInitialization section represents global settings for the
client.
In some cases (e.g. BackupServerList) host specific overrides
are possible.
-->
<ClientInitialization>
<!--
The Start Before Logon feature can be used to activate the VPN as
part of the logon sequence.
UserControllable:
Does the administrator of this profile allow the user to control
this attribute for their own use.
Any user setting associated
with this attribute will be stored elsewhere.
-->
<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
<!--
If user is importing a certificate using the enrollment feature,
this attribute will enforce any pin application requirement.
-->
<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
<!--
This section enables the definition of various attributes that
can be used to refine client certificate selection.
-->
<CertificateMatch>
<!--
Certificate Key attributes that can be used for choosing
acceptable client certificates.
-->
<KeyUsage>
<MatchKey>Non_Repudiation</MatchKey>
<MatchKey>Digital_Signature</MatchKey>
</KeyUsage>
<!--
Certificate Extended Key attributes that can be used for
choosing acceptable client certificates.
-->
<ExtendedKeyUsage>
<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
<ExtendedMatchKey>ServerAuth</ExtendedMatchKey>
<CustomExtendedMatchKey>1.3.6.1.5.5.7.3.11</CustomExtendedMatchKey>
</ExtendedKeyUsage>
<!--
Certificate Distinguished Name matching allows for exact
match criteria in the choosing of acceptable client
certificates.
-->
<DistinguishedName>
<DistinguishedNameDefinition Operator="Equal" Wildcard="Enabled">
<Name>CN</Name>
<Pattern>ASASecurity</Pattern>
</DistinguishedNameDefinition>
<DistinguishedNameDefinition Operator="Equal" Wildcard="Disabled">
<Name>L</Name>
<Pattern>Boulder</Pattern>
</DistinguishedNameDefinition>
</DistinguishedName>
</CertificateMatch>
<!--
Collection of one or more backup servers to be used in case
the user selected one fails.
-->
<BackupServerList>
<!--