Anyconnect Client And New Windows Installations; Adding A Security Appliance To The List Of Trusted Sites (Internet Explorer) - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual
Administration guide
Hide thumbs
Also See for 5505 - ASA Firewall Edition Bundle:
- Configuration manual (1822 pages) ,
- Getting started manual (168 pages) ,
- Hardware installation manual (82 pages)
Table of Contents
Advertisement
Chapter 2
Common AnyConnect VPN Client Installation and Configuration Procedures
•
Current shipping versions of CSA do not have a built-in rule that is compatible with the AnyConnect
client. You can create the following rule using CSA version 5.0 or later by following these steps:
In the Rule Module: "Cisco Secure Tunneling Client Module", add a FACL:
Step 1
Priority Allow, no Log, Description: "Cisco Secure Tunneling Browsers, read/write
vpnweb.ocx"
Applications in the following class: "Cisco Secure Tunneling Client - Controlled Web
Browsers"
Attempt: Read file, Write File
On any of these files: @SYSTEM\vpnweb.ocx
Application Class: "Cisco Secure Tunneling Client - Installation Applications" add the following
Step 2
process names:
**\vpndownloader.exe
@program_files\**\Cisco\Cisco AnyConnect VPN Client\vpndownloader.exe
This rule will be built in to a future release of CSA.
•
AnyConnect Client and New Windows Installations
In rare circumstances, if you install the AnyConnect client on a computer that has a new or clean
Windows installation, the AnyConnect client might fail to connect, and your computer might display the
following message:
The required system DLL (filename) is not present on the system.
This could occur if the computer does not have the file MSVCP60.dll or MSVCRT.dll located in the
winnt\system32 directory. For more information about this problem, see the Microsoft Knowledge Base,
article 259403, at http://support.microsoft.com/kb/259403.
Adding a Security Appliance to the List of Trusted Sites (Internet Explorer)
To add a security appliance to the list of trusted sites, use Microsoft Internet Explorer and do the
following steps.
OL-12950-012
The procedure varies by browser. See the procedures that follow this section.
Make sure the Common Name (CN) in security appliance certificates matches the name clients
–
use to connect to it. By default, the security appliance certificate CN field is its IP address. If
clients use a DNS name, change the CN field on the security appliance certificate to that name.
The Cisco Security Agent (CSA) might display warnings during the AnyConnect client installation.
We recommend that Microsoft Internet Explorer (MSIE) users add the security appliance to the list
of trusted sites, or install Java. Doing so enables the ActiveX control to install with minimal
interaction from the user. This is particularly important for users of Windows XP SP2 with enhanced
security. Windows Vista users must add the security appliance to the list of trusted sites in order to
use the dynamic deployment feature. Refer to the following sections for instructions.
Before You Install the AnyConnect Client
Cisco AnyConnect VPN Client Administrator Guide
2-3
Advertisement
Table of Contents
