Thanks Aditya!

Can you please share more details about 'anyconnect-essentials' command?

CF

The initial configuration you posted has the command "anyconnect-essentials".

The purpose of that command is to enable only the client-based AnyConnect remote access VPN. It disables the clientless sort that is licensed with the AnyConnect Premium (old name) or Apex (new name) license type.

Either method still provides a "home page" to login to the VPN. Thus they generally require "webvpn". (There is a method to use AnyConnect without SSL and instead use IKEv2 exclusively but we will not discuss that for now.)

The difference is with essentials, the home page serves only to authenticate you and launches the AnyConnect client software to manage the VPN connection. With premium, you have the option of also using the clientless VPN wherein there are resources (links to internal web pages, ability to browse file systems, launch RDP sessions on the remote network etc.) presented within the browser window once you've been authenticated.

Hi Rhodes,

When I check the sessions connected, I see connections are showing as clientless:

vpn# sh run webvpn
webvpn
enable outside
enable inside
anyconnect-essentials

vpn# sh vpn-sessiondb svc

Session Type: SVC

Username : x Index : 2082
Assigned IP : x.x.x.x Public IP : x.x.x.x
Protocol : Clientless SSL-Tunnel DTLS-Tunnel
License : SSL VPN
Encryption : AES256 Hashing : SHA1
Bytes Tx : 197476233 Bytes Rx : 26429696

This is confusing!

CF

Hi,

This is an expected behaviour.

If you launch Anyconnect via Web-launch you would see a Clientless tunnel being built:

Check this link:

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html

Look for AnyConnect Connected via Web-launch example.

Hope it helps.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Thanks Aditya!