Configuring an ASA for AnyConnect Web Deploy with Web Security

1. Check ASA version, this should be equal to or greater than 8.4.

2. Make sure an AnyConnect 3.0 image has been uploaded and that the ASA has been configured

to web deploy AnyConnect VPN. If this has not been done, STOP and reschedule the activation

with the customer after then have a working AnyConnect VPN web deploy package configured,

tested, and working.

3. Select “Group Policies”, highlight the AnyConnect group policy and click Edit.

4. Select Advanced | AnyConnect Client, uncheck Inherit for “Optional Client Modules to

Download”, check “AnyConnect DART” and “AnyConnect Web Security”, then click OK.

However, if the customer is using additional components, be sure to select those too.

5. Select Advanced | AnyConnect Client | Login Setting, uncheck Inherit, bullet “Download

AnyConnect Client”, and click OK.

6. Click Apply.

7. Select “AnyConnect Client Profile” and click Add.

8. Provide a Profile Name, set Profile Usage to “Web Security”, set Group Policy to the AnyConnect

group policy, and click OK. Note that the file extension in “Profile Location” should change from

XML to WSP when the Profile Usage is set to “Web Security”.

9. Select the Web Security policy created in step 8 and click Edit.

10. Configure the Web Security plug-in and click OK.

11. Click Apply.

At this point the AnyConnect web deploy package should be complete and ready for use.

Applying a Transform

1. Configuration | Remote Access VPN | Customized Installer Transforms | Import

2. Supply the following:

a. Name = _win-lockdown-arp (whatever the name, it should be preceded with an

underscore character so that the transform applies to all AnyConnect modules)

b. Platform = win

c. Select a file = Browse a file system for the correct transform (MST) file