How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall
configuration?
A.
Issue the command “anyconnect keep-installer” under the group policy or username webvpn mode
B.
Issue the command ”anyconnect keep-installer installed” in the global configuration
C.
Issue the command “anyconnect keep-installer installed” under the group policy or username webvpn mode
D.
Issue the command “anyconnect keep-installer installer” under the group policy or username webvpn mode
Explanation:
@day-2 on securitytut.com
Dumps, Brad etc.. say the correct answer is ” C ” !
But as we figured out and also verified here :
http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/vpn/asa-vpn-cli/vpn-anyconnect.html
To enable permanent client installation for a specific group or user, use the anyconnect keep-installer
command from group-policy or username webvpn modes:
anyconnect keep-installer installer
The default is that permanent installation of the client is enabled. The client remains on the remote computer at
the end of the session. The following example configures the existing group-policy sales to remove the client on
the remote computer at the end of the session:hostname(config)# group-policy sales attributes
hostname(config-group-policy)# webvpn
hostname(config-group-policy)# anyconnect keep-installer installed none
So.. the command to enable it is “anyconnect keep-installer installeR” , right ?
BUT, to disable the feature of permanent client installation the command is referred as “anyconnect keepinstaller installeD none”
Doesn’t look good to me but IF we assume that it’s not a typo, the correct answer should be ” D ” , right ??
Take a look on the URL above that says “../asa/asa93/” !!! ASA93 … keep that in mind please..
I checked every version of cisco configuration guide for the ASA anyconnect remote access VPN.
Every cisco configuration guide beyond v9.3 (9.4, 9.5, 9.6, 9.7 .. latest) doesn’t refer the ACTUAL command to
enable the feature. Only how to disable it which is the same..
However, on EVERY cisco confifuration guide BEFORE v9.3 (9.2, 9.1 .. and all the way down)
the command is referred as :
anyconnect keep-installer installed
which indicates that “C” is the correct answer !
According to other pages i got from a simple google search e.g. : h???s://www.cisco????/c/en/us/support/docs/
security/asa-5500-x-series-next-generation-firewalls/100597-technote-anyconnect-00.??ml
in some point it says :
Uninstall Automatically
Problem
The AnyConnect VPN Client uninstalls itself once the connection terminates. The client logs show that keep
installed is set to disabled.
Solution
AnyConnect uninstalls itself despite that the keep installed option is selected on the Adaptive Security Device
Manager (ASDM). In order to resolve this issue, configure the svc keep-installer installed command under
group-policy.
Indicates that none of the answers is correct as “svc keep-installer installed” was valid for v8.3 and below !
Also here : h??ps:?/networklessons.??m/cisco/asa-firewall/cisco-asa-anyconnect-remote-access-vpn/
i’m copying/pasting from the url :
ASA1(config)# group-policy ANYCONNECT_POLICY attributes
ASA1(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless
ASA1(config-group-policy)# split-tunnel-policy tunnelspecified
ASA1(config-group-policy)# split-tunnel-network-list value SPLIT_TUNNEL
ASA1(config-group-policy)# dns-server value 8.8.8.8
ASA1(config-group-policy)# webvpn
ASA1(config-group-webvpn)# anyconnect keep-installer installed
Indicates that “C” is correct too.. (but the asa version is not referred..)
=====================================================
BD
On my virtual ASA version 9.6(2) in my group policy I have
ciscoasa(config)# group-policy GroupPolicy_SecurityTut attributesEntering webvpn
ciscoasa(config-group-policy)# webvpn
And for the anyconnect keep-installer command it only shows me this
ciscoasa(config-group-webvpn)# anyconnect keep-installer ?
config-group-webvpn mode commands/options:
installed Keep the install enabler
none Do not keep the install enabler
ciscoasa(config-group-webvpn)# anyconnect keep-installer
So the command should be
ciscoasa(config-group-webvpn)# anyconnect keep-installer installed
I guess that sets it straight, right?
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/A-H/cmdref1/a2.html
the link above says
To enable the permanent installation of an SSL VPN client on a remote PC, use the anyconnect keep-installer command in group-policy webvpn or username webvpn configuration mode. To remove the command from the configuration and cause the value to be inherited, use the no form of this command.
anyconnect keep-installer { installed | none }
no anyconnect keep-installer { installed | none }
which make that the option C is the correct answer
0
0