Anyconnect(WebVPN) client uninstall setup

tahequivoice · ‎02-22-2012

How do I configure the ASA so that when a client connects from a public computer, such as from a library, that the client will be removed from the PC upon logout and any resident information is scrubbed? What does the Anyconnect keep-installer command do?

Marvin Rhoads · ‎02-22-2012

I don't think you can control that remotely. Many public terminals will not even allow a guest user to install programs. Those that do often have third party software to wipe the image clean after logoff (independent of anything you as a provider of a remote service such as you are providing via AnyConnect).

"keep-installer" makes sure the intallation is permanent (i.e. unable to be uninstalled by the client).

I'd suggest looking into Clientless SSL VPN for such an use case.

tahequivoice · ‎02-22-2012

What is the difference between Anyconnect and Clientless SSL? They both use the same license, dont they? Both are configured under webvpn.

Marvin Rhoads · ‎02-22-2012

With clientless SSL VPN you typically "publish" a subset of your enterprise services (internal websites, mail, file shares, etc.) via your ASA. It does not require installation of AnyConnect software client at all. Once the user logs out (from within the browser) a subsequent user of the public terminal would need to re-authenticate to reach the protected resources.

This link explains more.

Regarding licensing, an "AnyConnect Premium" license is require to allow Clientless SSL VPN.