02-22-2012 09:39 AM - edited 02-21-2020 05:53 PM
How do I configure the ASA so that when a client connects from a public computer, such as from a library, that the client will be removed from the PC upon logout and any resident information is scrubbed? What does the Anyconnect keep-installer command do?
02-22-2012 10:10 AM
I don't think you can control that remotely. Many public terminals will not even allow a guest user to install programs. Those that do often have third party software to wipe the image clean after logoff (independent of anything you as a provider of a remote service such as you are providing via AnyConnect).
"keep-installer" makes sure the intallation is permanent (i.e. unable to be uninstalled by the client).
I'd suggest looking into Clientless SSL VPN for such an use case.
02-22-2012 11:32 AM
What is the difference between Anyconnect and Clientless SSL? They both use the same license, dont they? Both are configured under webvpn.
02-22-2012 01:33 PM
With clientless SSL VPN you typically "publish" a subset of your enterprise services (internal websites, mail, file shares, etc.) via your ASA. It does not require installation of AnyConnect software client at all. Once the user logs out (from within the browser) a subsequent user of the public terminal would need to re-authenticate to reach the protected resources.
This link explains more.
Regarding licensing, an "AnyConnect Premium" license is require to allow Clientless SSL VPN.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: