Cisco 5505 Administration Guide - Page 77
Enabling Start Before Logon (SBL) for the AnyConnect Client, XML Settings for Enabling SBL - description
UPC - 882658082252
View all Cisco 5505 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 77 highlights
Chapter 7 Configuring and Using AnyConnect Client Operating Modes and User Profiles Configuring Profile Attributes The following sections describe how to modify the profiles template to configure the profile attributes. Enabling Start Before Logon (SBL) for the AnyConnect Client With SBL enabled, the user sees the AnyConnect GUI logon dialog before the Windows logon dialog box appears. This establishes the VPN connection first. Available only for Windows platforms, Start Before Logon lets the administrator control the use of login scripts, password caching, mapping network drives to local drives, and more. You can use the SBL feature to activate the VPN as part of the logon sequence. SBL is disabled by default. XML Settings for Enabling SBL The element value for UseStartBeforeLogon allows this feature to be turned on (true) or off (false). If the you set this value to true in the profile, additional processing occurs as part of the logon sequence. See the Start Before Logon description for additional details. You enable SBL by setting the value in the CiscoAnyConnect.xml file to true: true To disable SBL, set the same value to false. To enable the UserControllable feature, use the following statement when enabling SBL: true Any user setting associated with this attribute is stored elsewhere. CLI Settings for Enabling SBL To minimize download time, the AnyConnect client requests downloads (from the security appliance) only of core modules that it needs for each feature that it supports. To enable new features, such as Start Before Logon (SBL), you must specify the module name using the svc modules command from group policy webvpn or username webvpn configuration mode: [no] svc modules {none | value string} The string for SBL is vpngina In the following example, the user enters group-policy attributes mode for the group policy telecommuters, enters webvpn configuration mode for the group policy, and specifies the string vpngina to enable SBL: hostname(config)# group-policy telecommuters attributes hostname(config-group-policy)# webvpn hostame(config-group-webvpn)# svc modules value vpngina In addition, the administrator must ensure that the AnyConnect profile.xml file has the statement set to true. For example: true The system must be rebooted before Start Before Logon takes effect. OL-12950-012 Cisco AnyConnect VPN Client Administrator Guide 7-11