AnyConnectProfile.tmpl
false
true
false
All
false
false
true
true
true
ReconnectAfterResume
true
Automatic
SingleLocalLogon
LocalUsersOnly
false
SameUserOnly
Non_Repudiation
Digital_Signature
ClientAuth
false
REPLACE_company.com
REPLACE_1.2.3.4
Disconnect
Connect
true
Open
true
5
false
false
20
4
30
REPLACE_AsaName
REPLACE_asa.address.com
REPLACE_AsaName2
REPLACE_10.94.146.172
REPLACE_TunnelGroup
AnyConnectProfile.xsd
pwd
This is the data needed to attempt a connection to a specific host.
A HostEntry comprises the data needed to identify and connect to a specific host.
Can be an alias used to refer to the host or an FQDN or IP address. If an FQDN or IP address is used, a HostAddress is not required.
Can be a FQDN or IP address.
The tunnel group to use when connecting to the specified host. This field is used in conjunction with the HostAddress value to form a Group based URL. NOTE: Group based URL support requires ASA version 8.0.3 or later.
Collection of one or more backup servers to be used in case the user selected one fails.
Collection of one or more load balancing servers.
This is the XML schema definition for the Cisco AnyConnect VPN Client Profile XML file. The VPN Client Initialization is a repository of information used to manage the Cisco VPN client software. This file is intended to be maintained by a Secure Gateway administrator and then distributed with the client software. The XML file based on this schema can be distributed to clients at any time. The distribution mechanisms supported are as a bundled file with the software distribution or as part of the automatic download mechanism. The automatic download mechanism is only available with certain Cisco Secure Gateway products.
The ClientInitialization section represents global settings for the client. In some cases (e.g. BackupServerList) host specific overrides are possible.
The Start Before Logon feature can be used to activate the VPN as part of the logon sequence.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Controls AnyConnect client behavior for certificate selection. By default, the user certificate will be matched internally. If disabled, a user certificate selection dialog will be displayed.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This control enables an administrator to have a one-time message displayed prior to a user's first connection attempt. As an example, the message could be used to remind a user to insert their smart card into its reader.
The message to be used with this control is localizable and can be found in the AnyConnect message catalog (default: "This is a pre-connect reminder message.").
Show a pre-connect message prior to a user's first connect attempt.
Do not show a pre-connect message prior to a user's first connect attempt.
This setting allows an administrator to specify which certificate store AnyConnect will use for locating certificates.
This setting only applies to the Microsoft Windows version of AnyConnect and has no effect on other platforms.
Use certificates from all available certificate stores.
Use certificates only from the Windows machine certificate store.
Use certificates only from the Windows user certificate store.
This setting allows an administrator to direct AnyConnect to search for certificates in the Windows machine certificate store. This is useful in cases where certificates are located in this store and users do not have administrator privileges on their machine.
This setting allows an administrator to control the user proxy settings.
Use browser settings.
Use no proxy settings.
Use AnyConnect proxy settings.
This preference gives the network administrator the ability to allow users to connect through a local proxy.
Controls AnyConnect client behavior when started. By default, the client will attempt to contact the last Gateway a user connected to or the first one in the list from the AnyConnect profile. In the case of certificate-only authentication, this will result in the establishment of a VPN tunnel when the client is started.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Controls AnyConnect GUI behavior when a VPN tunnel is established. By default, the GUI will minimize when the VPN tunnel is established.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
If Local LAN access is enabled for remote clients on the Secure Gateway, this setting can be used to allow the user to accept or reject this access.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This setting allows an administrator to control how a client will behave when the VPN tunnel is interrupted. Control can optionally be given to the user.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This setting allows the administrator to turn off the dynamic update functionality of AnyConnect. Control of this can also be given to the user.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This setting allows the administrator to control how the user will interact with RSA. By default, AnyConnect will determine the correct method of RSA interaction. The desired setting can be locked down by the administrator or control can be given to the user.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This preference allows an administrator to control if more than one user may be logged into the client PC during the VPN connection (Windows only).
This preference allows an administrator to control whether or not remote users may initiate a VPN connection (Windows only).
Determines whether to keep the VPN session when the user logs off a Windows OS.
Specifies whether to end the VPN session if a different user logs on. This value applies only if the RetainVpnOnLogoff is True and the original user logged off Windows when the VPN session was up.
This preference allows the administrator to define a policy to automatically manage when a VPN connection should be started or stopped.
This setting defines the list of possible DNS domain name(s) that an interface is assigned when in a trusted network.
This setting defines the list of DNS server(s) that an interface is assigned when in a trusted network.
This preference allows an administrator to define a policy to automatically manage the VPN connection for users in trusted networks.
This preference allows an administrator to define a policy to automatically manage the VPN connection for users in untrusted networks.
This preference governs VPN reestablishment after interruptions.
This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure. Possible values are Open and Closed.
This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure.
This preference allows the network administrator the ability to impose a time limit (in minutes) for captive portal remediation when the ConnectFailurePolicy value is Closed.
This preference gives the network administrator the ability to allow split routes and firewall rules to be applied following a VPN connection establishment failure when the ConnectFailurePolicy value is Closed.
This preference gives the network administrator the ability to allow users to disconnect the VPN session during Always On.
This preference allows an administrator to control the policy used to exclude routes to PPP servers when connecting over L2TP or PPTP. Options are Automatic (default), Disable, and Override.
When PPPExclusion is set to Override, the value of this preference allows an end user to specify the address of a PPP server that should be excluded from tunnel traffic.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This preference allows an administrator to enable scripting which executes OnConnect and OnDisconnect scripts (if found).
This setting dictates whether or not AnyConnect will terminate a running script process if a transition to another scriptable event occurs.
This setting dictates whether or not the OnConnect script will be launched from the desktop GUI when a tunnel has been established via Start Before Logon.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This section enables the definition of various attributes that can be used to refine client certificate selection.
Certificate Key attributes that can be used for choosing acceptable client certificates.
Certificate Extended Key attributes that can be used for choosing acceptable client certificates.
Certificate Distinguished Name matching allows for exact match criteria in the choosing of acceptable client certificates.
Collection of one or more backup servers to be used in case the user selected one fails.
Collection of policy settings specific to the Windows Mobile version of AnyConnect that have no effect on other platforms.
Indicates that a Windows Mobile device must be configured with a password or PIN prior to establishing a VPN connection. This configuration is only valid on Windows Mobile devices that use the Microsoft Default Local Authentication Provider (LAP).
When set to a non-negative number, specifies the maximum number of minutes that must be configured before device lock takes effect. (WM5/WM5AKU2+)
When set to a non-negative number, specifies that any PIN/password used for device lock must be equal to or longer than the specified value, in characters. (WM5AKU2+)
When present checks for the following password subtypes: "alpha" - Requires an alphanumeric password, "pin" - Numeric PIN required, "strong" - Strong alphanumeric password defined by Microsoft as containing at least 7 characters, including a minimum of 3 from the set of uppercase, lowercase, numerals, and punctuation characters. (WM5AKU2+)
This section enables the definition of various .
This attribute will enable a notice to be shown to the user when their certificate is about to expire.
If the group-url (FQDN/group or IP/group) can be identified by this value, the automatic SCEP process will be triggered.
The SCEP CA server.
Domain of the CA
Common Name
Org Unit
Org
State
State
Country
Email
Domain Component
Sur Name
Given Name
Unstructured Name
Initials
Gen Qualifier
DN Qualifier
City
Title
Key Size
Turn on display of Get Certificate button if SCEP is configured and user encounters client certificate authentication failure.
When set to a non-negative number, specifies the maximum number of minutes that must be configured before device lock takes effect. (WM5/WM5AKU2+)
When set to a non-negative number, specifies that any PIN/password used for device lock must be equal to or longer than the specified value, in characters. (WM5AKU2+)
When present checks for the following password subtypes: "alpha" - Requires an alphanumeric password, "pin" - Numeric PIN required, "strong" - Strong alphanumeric password defined by Microsoft as containing at least 7 characters, including a minimum of 3 from the set of uppercase, lowercase, numerals, and punctuation characters. (WM5AKU2+)
Automatic server selection will automatically select the optimal secure gateway for the endpoint. Possible values are true or false.
During a reconnection attempt after a system resume, this setting specifies the minimum estimated performance improvement required to justify transitioning a user to a new server. This value represents a percentage in 0..100.
During a reconnection attempt after a system resume, this specifies the minimum time a user must have been suspended in order to justify a new server selection calculation. It is measured in hours.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
Amount of time, in seconds, that the client waits for authentication to be completed.
If SafeWord SofToken software is installed on the endpoint device, this setting can be used to enable the client to directly interface with the SofToken software.
Does the administrator of this profile allow the user to control this attribute for their own use. Any user setting associated with this attribute will be stored elsewhere.
This section contains the list of hosts the user will be able to select from.
Collection of one or more backup servers to be used in case the user selected one fails.
Can be a FQDN or IP address.
Collection of one or more load balancing servers.
Can be a FQDN or IP address.
Certificate Key attributes that can be used for choosing acceptable client certificates.
One or more match keys may be specified. A certificate must match at least one of the specified keys to be selected.
Certificate Extended Key attributes that can be used for choosing acceptable client certificates.
Zero or more extended match keys may be specified. A certificate must match all of the specified key(s) to be selected.
1.3.6.1.5.5.7.3.1
1.3.6.1.5.5.7.3.2
1.3.6.1.5.5.7.3.3
1.3.6.1.5.5.7.3.4
1.3.6.1.5.5.7.3.5
1.3.6.1.5.5.7.3.6
1.3.6.1.5.5.7.3.7
1.3.6.1.5.5.7.3.8
1.3.6.1.5.5.7.3.9
1.3.6.1.5.5.7.3.10
Zero or more custom extended match keys may be specified. A certificate must match all of the specified key(s) to be selected. The key should be in OID form (e.g. 1.3.6.1.5.5.7.3.11).
Certificate Distinguished Name matching allows for exact match criteria in the choosing of acceptable client certificates.
This element represents the set of attributes to define a single Distinguished Name matching definition.
Distinguished attribute name to be used in matching.
Subject Common Name
Domain Component
Subject Sur Name
Subject Given Name
Subject Unstruct Name
Subject Initials
Subject Gen Qualifier
Subject Dn Qualifier
Subject Country
Subject City
Subject State
Subject State
Subject Company
Subject Department
Subject Title
Subject Email Address
Issuer Common Name
Issuer Domain Component
Issuer Sur Name
Issuer Given Name
Issuer Unstruct Name
Issuer Initials
Issuer Gen Qualifier
Issuer Dn Qualifier
Issuer Country
Issuer City
Issuer State
Issuer State
Issuer Company
Issuer Department
Issuer Title
Issuer Email Address
The string to use in the match.
Should the pattern include wildcard pattern matching? With wildcarding enabled, the pattern can be anywhere in the string.
Wildcard pattern match is not enabled for this definition.
Wildcard pattern match is enabled for this definition.
The operator to be used in performing the match.
Equivalent to ==
Equivalent to !=
Should the pattern matching applied to "Pattern" be case sensitive? Default is "Enabled" (case sensitive).
Perform case-sensitive match with pattern.
Perform case-insensitive match with pattern.
The root element representing the AnyConnect Client Profile
Allows only one user during a VPN connection
Allows only one local user but many remote users during a VPN connection
Only local users may establish a VPN connection
Local and remote users may establish a VPN connection
Automatically detect when a VPN connection is being established over a point-to-point connection.
Disable automatic detection of point-to-point connections.
Override the address of the PPP server with the value of PPPExclusionServerIP.
Darwin_powerpc
VPNManifest.xml
binaries/vpnsetup.dmg
AnyConnect VPN Client
binaries/anyconnectprof.sgz