AnyConnect Secure Mobility Client  4.10.08029
api.h File Reference
#include "GlobalEnums.h"


Macros

#define UNICODE
 
#define _UNICODE
 
#define tstring   std::wstring
 
#define tostream   std::wostream
 
#define VPN_VPNAPI   __declspec(dllimport)
 
#define OUT
 

Enumerations

enum  MessageType {
  MsgType_Error, MsgType_Alert, MsgType_Warn, MsgType_Info,
  MsgType_Status, MsgType_UrlError
}
 
enum  SDITokenType { SDITT_NONE, SDITT_HARDWARE, SDITT_SOFTWARE }
 
enum  VPNState {
  CONNECTED = STATE_CONNECTED, DISCONNECTED = STATE_DISCONNECTED, CONNECTING = STATE_CONNECTING, DISCONNECTING = STATE_DISCONNECTING,
  RECONNECTING = STATE_RECONNECTING, PAUSING = STATE_PAUSING, PAUSED = STATE_PAUSED, SSOPOLLING = STATE_SSOPOLLING,
  UNKNOWN = ~0
}
 
enum  VPNSubState {
  VPNSS_NORMAL = VCSS_NORMAL, VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY, VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING, VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED,
  VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW, VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE = VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE, VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED, VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
  VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG, VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING, VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING
}
 
enum  WMHint {
  MINIMIZE, OPEN, QUIT, REFRESHHOSTNAMES,
  REFRESHPREFS, SHOWCONNECTING, CLOSECREDENTIALPOPUP
}
 
enum  WMHintReason {
  SECONDGUISTART, PROXYREQUEST, SERVICEFAILURE, DISCONNECT,
  SERVICESTOPPED, CONNECT, REASONUNKNOWN
}
 
enum  ConnectPromptType {
  CERTIFICATE, CREDENTIALS, PROXY, MANUAL_PKCS12_IMPORT,
  STATUS, SINGLESIGNON, SINGLELOGOUT, LEGACY_SINGLESIGNON
}
 
enum  PromptType {
  Prompt_Input, Prompt_Password, Prompt_Banner, Prompt_Combo,
  Prompt_Header, Prompt_Hidden, Prompt_CheckBox, Prompt_SSO
}
 
enum  PreferenceId {
  ServiceDisable, CertificateStoreOverride, CertificateStore, CertificateStoreMac,
  CertificateStoreLinux, ShowPreConnectMessage, AutoConnectOnStart, MinimizeOnConnect,
  LocalLanAccess, DisableCaptivePortalDetection, AutoReconnect, AutoReconnectBehavior,
  SuspendOnConnectedStandby, UseStartBeforeLogon, AutoUpdate, RSASecurIDIntegration,
  WindowsLogonEnforcement, WindowsVPNEstablishment, LinuxLogonEnforcement, LinuxVPNEstablishment,
  ProxySettings, AllowLocalProxyConnections, PPPExclusion, PPPExclusionServerIP,
  AutomaticVPNPolicy, TrustedNetworkPolicy, UntrustedNetworkPolicy, BypassConnectUponSessionTimeout,
  TrustedDNSDomains, TrustedDNSServers, TrustedHttpsServerList, AlwaysOn,
  ConnectFailurePolicy, AllowCaptivePortalRemediation, CaptivePortalRemediationTimeout, ApplyLastVPNLocalResourceRules,
  AllowVPNDisconnect, AllowedHosts, EnableScripting, TerminateScriptOnNextEvent,
  EnablePostSBLOnConnectScript, AutomaticCertSelection, RetainVpnOnLogoff, UserEnforcement,
  DeviceLockRequired, DeviceLockMaximumTimeoutMinutes, DeviceLockMinimumPasswordLength, DeviceLockPasswordComplexity,
  EnableAutomaticServerSelection, AutoServerSelectionImprovement, AutoServerSelectionSuspendTime, AuthenticationTimeout,
  SafeWordSofTokenIntegration, AllowIPsecOverSSL, ClearSmartcardPin, IPProtocolSupport,
  CaptivePortalRemediationBrowserFailover, AllowManualHostInput, BlockUntrustedServers, PublicProxyServerAddress,
  CertificatePinning, UnknownPreference
}
 
enum  PreferenceScope { User, Global, UserAndGlobal }
 
enum  OperatingMode {
  FIPS = (1 << 0), StartBeforeLogon = (1 << 1), GUI = (1 << 2), TrustedNetworkDetection = (1 << 3),
  AlwaysOnVpn = (1 << 4), NetworkIssue = (1 << 5), Quarantined = (1 << 6), AutomaticHeadendSelection = (1 << 7),
  DisconnectAllowed = (1 << 8), VPNDisabled = (1 << 9), SCEPMode = (1 << 10), OnTrustedNetwork = (1 << 11),
  ManualHostInputAllowed = (1 << 12), ErrorSuppressed = (1 << 13), StrictMode = (1 << 14), CLI = (1 << 15),
  Management = (1 << 16)
}
 
enum  VPNError {
  VPNSuccess = 0, VPNError_Generic_FatalError = 1, VPNError_Connection_Error = 100, VPNError_Connection_InvalidGroupURL,
  VPNError_Network_Error = 200, VPNError_Authentication_Error = 300, VPNError_Authentication_DAP_Terminate, VPNError_ClientCertificate_UnknownError = 400,
  VPNError_ClientCertificate_Missing, VPNError_ClientCertificate_Expired, VPNError_ClientCertificate_NotYetValid, VPNError_ServerCertificate_UnknownError = 500,
  VPNError_ServerCertificate_Expired, VPNError_ServerCertificate_NotYetValid
}
 
enum  CertAuthMode { CertAuth_Automatic, CertAuth_Disabled, CertAuth_Manual }
 
enum  CertificateType { CertificateType_Client, CertificateType_SystemTrusted, CertificateType_Server }
 
enum  CertConfirmReason {
  CertConfirmReason_Unspecified, CertConfirmReason_NameMismatch, CertConfirmReason_Expired, CertConfirmReason_NotValidYet,
  CertConfirmReason_UntrustedSource, CertConfirmReason_InvalidUse, CertConfirmReason_Revoked, CertConfirmReason_Malformed,
  CertConfirmReason_NotFipsCompliant, CertConfirmReason_InvalidateDate, CertConfirmReason_SignatureAlgorithm, CertConfirmReason_KeySize
}
 
enum  UserResponseError {
  UserResponseError_None, UserResponseError_Unspecified, UserResponseError_BadServerCert, UserResponseError_SsoNavigation,
  UserResponseError_SsoGettingCookie, UserResponseError_SsoTimeout, UserResponseError_SsoMissingDependency, UserResponseError_SsoClientCertRequest,
  UserResponseError_SsoAborted
}
 
enum  ClientType { ClientType_GUI, ClientType_GUI_SBL, ClientType_CLI, ClientType_MGMT }
 

Detailed Description

This file contains some basic compiler definitions as well as common enums.

Macro Definition Documentation

#define tstring   std::wstring

tstring expands to std::wstring, the wide-character string type.

Enumeration Type Documentation

Enumerator
CertAuth_Automatic 

Will try each available certificate in succession until authentication is obtained or we run out of available certificates

CertAuth_Disabled 

Will disable Certificate Based Authentication

CertAuth_Manual 

Will only use preconfigured certificate to attempt Certificate Based Authentication

618 {
619  CertAuth_Automatic, /**< Will try each available certificate in succession
620  until authentication is obtained or we run out of
621  available certificates */
622  CertAuth_Disabled, /**< Will disable Certificate Based Authentication */
623  CertAuth_Manual /**< Will only use preconfigured certificate to attempt
624  Certificate Based Authentication */
625 };

provides an indication of the type of credential data being requested.

Enumerator
CERTIFICATE 

Indicates a certificate-only type of connection and would not normally be sent to client unless a post-authentication banner is to be displayed.

CREDENTIALS 

Indicates that the user is to be prompted for authentication credentials

PROXY 

Indicates that the user is to be prompted for proxy-authentication credentials

MANUAL_PKCS12_IMPORT 

Indicates that the user is to be prompted for passwords related to PKCS12 import

STATUS 

Indicates that status messages are to be displayed to the user

SINGLESIGNON 

Indicates an embedded browser based single sign-on authentication method is requested.

SINGLELOGOUT 

Indicates an embedded browser based single sign-on authentication logout is requested.

LEGACY_SINGLESIGNON 

(deprecated) Indicates a browser based single sign-on authentication method is requested.

225 {
226  CERTIFICATE, /**< Indicates a certificate-only type of connection and
227  would not normally be sent to client unless a
228  post-authentication banner is to be displayed. */
229  CREDENTIALS, /**< Indicates that the user is to be prompted for authentication
230  credentials */
231  PROXY, /**< Indicates that the user is to be prompted for
232  proxy-authentication credentials */
233  MANUAL_PKCS12_IMPORT, /**< Indicates that the user is to be prompted for passwords related
234  to PKCS12 import*/
235  STATUS, /**< Indicates that status messages are to be displayed to
236  the user*/
237  SINGLESIGNON, /**< Indicates an embedded browser based single sign-on authentication method is requested. */
238  SINGLELOGOUT, /**< Indicates an embedded browser based single sign-on authentication logout is requested. */
239  LEGACY_SINGLESIGNON, /**< (deprecated) Indicates a browser based single sign-on authentication method is requested. */
240 };

MessageType presents a level of severity associated with messages that are sent to the API. The severity can be useful for deciding how a message is to be shown. A UI might decide based on type to show a message as a modal dialog versus a message written to the status area for an existing UI.

Enumerator
MsgType_Error 

Issue usually requiring user to acknowledge

MsgType_Alert 

Warning message that needs to be shown to user.

MsgType_Warn 

Less severe, not required to be shown to user

MsgType_Info 

General message providing status, progress, etc.

MsgType_Status 

Can be used to indicate unexpected tunnel status change.

MsgType_UrlError 

Error message that provides additional information by opening browser.

105 {
106  MsgType_Error, /**< Issue usually requiring user to acknowledge */
107  MsgType_Alert, /**< Warning message that needs to be shown to user. */
108  MsgType_Warn, /**< Less severe, not required to be shown to user */
109  MsgType_Info, /**< General message providing status, progress, etc. */
110  MsgType_Status, /**< Can be used to indicate unexpected tunnel status change. */
111  MsgType_UrlError /**< Error message that provides additional information by opening browser. */
112 };

Indicates the client mode of operation. Unlike tunneling mode or other mutually exclusive modes, client operating modes are independent settings, several of which can be turned on simultaneously.

Enumerator
FIPS 

Indicates that the client is running in FIPS mode.

StartBeforeLogon 

Indicates that the client is running in Start Before Logon mode.

GUI 

Indicates that the client is a GUI client.

TrustedNetworkDetection 

Indicates that a Trusted Network Detection policy is enabled for the client.

AlwaysOnVpn 

Indicates that the Always On policy is enabled for the client.

NetworkIssue 

For user notifications only. Indication by API to the UI that there is a network condition.

Quarantined 

Indicates that the VPN session is being Quarantined by the secure gateway.

AutomaticHeadendSelection 

Indicates that Automatic Headend is enabled.

DisconnectAllowed 

Indicates that the user is allowed to disconnect the VPN based on policy.

VPNDisabled 

Indicates that the VPN service is to be marked as disabled.

SCEPMode 

Indicates that the client is performing a SCEP cert enrollment.

OnTrustedNetwork 

Indicates that at last check, the client detected that it was on a trusted network.

ManualHostInputAllowed 

Indicates that the user is allowed to add a new host by typing its name in the VPN edit box.

ErrorSuppressed 

Indicates that a connection error was returned from the agent but was downgraded to a warning to prevent a popup dialog in the UI.

StrictMode 

Indicates that the client is running in strict certificate trust mode.

CLI 

Indicates that the client is a CLI client.

Management 

Indicates that the client is strictly used for initiating a management tunnel.

523 {
524  FIPS = (1 << 0), /**< Indicates that the client is
525  running in FIPS mode. */
526  StartBeforeLogon = (1 << 1), /**< Indicates that the client is
527  running in Start Before Login
528  mode. */
529  GUI = (1 << 2), /**< Indicates that the client is
530  a GUI client. */
531  TrustedNetworkDetection = (1 << 3), /**< Indicates that a Trusted Network
532  Detection policy is enabled for
533  the client. */
534  AlwaysOnVpn = (1 << 4), /**< Indicates that the Always On
535  policy is enabled for the client. */
536  NetworkIssue = (1 << 5), /**< For user notifications only.
537  Indication by API to the UI that
538  there is a network condition. */
539  Quarantined = (1 << 6), /**< Indicates that the VPN session is being
540  Quarantined by the secure gateway. */
541  AutomaticHeadendSelection= (1 << 7), /**< Indicates that Automatic Headend
542  is enabled. */
543  DisconnectAllowed = (1 << 8), /**< Indicates that the user is allowed
544  to disconnect the VPN based on
545  policy. */
546  VPNDisabled = (1 << 9), /**< Indicates that the VPN service is
547  to be marked as disabled. */
548  SCEPMode = (1 << 10), /**< Indicates that the client is
549  performing a SCEP cert enrollment. */
550  OnTrustedNetwork = (1 << 11), /**< Indicates that at last check, the
551  client detected that it was on
552  a trusted network. */
553  ManualHostInputAllowed = (1 << 12), /**< Indicates that the user is allowed
554  to add a new host by typing its name
555  in the VPN edit box. */
556  ErrorSuppressed = (1 << 13), /**< Indicates a connection error has
557  been returned fronm the agent, but
558  was suppressed to warning to
559  prevent popup dialog in the UI. */
560  StrictMode = (1 << 14), /**< Indicates that the client is
561  running in strict certificate trust mode. */
562  CLI = (1 << 15), /**< Indicates that the client is
563  a CLI client. */
564  Management = (1 << 16) /**< Indicates that the client is strictly
565  used for initiating a management tunnel. */
566 };
Enumerator
ServiceDisable 

This preference disables the VPN service. If more than one profile exists and any one profile has VPN enabled, then it will be enabled. False is the default.

CertificateStoreOverride 

This preference will trigger an alternate authentication sequence in the API. The preference is only settable by an administrator.

CertificateStore 

This preference indicates which Windows certificate store AnyConnect should look in for client certificates. The options are All, Machine and User with a default of All. The preference is only settable by an administrator.

CertificateStoreMac 

This preference indicates which macOS keychain AnyConnect should look in for client certificates. The options are All, System and Login with a default of All. The preference is only settable by an administrator.

CertificateStoreLinux 

This preference indicates which Linux certificate store AnyConnect should look in for client certificates. The options are All, Machine and User with a default of All. The preference is only settable by an administrator.

ShowPreConnectMessage 

The ShowPreConnectMessage preference gives the administrator the ability to display an AnyConnect startup banner message. The message will appear only once per AnyConnect program start. The preference is only settable by an administrator.

AutoConnectOnStart 

This preference allows the user to select whether to establish a connection automatically on startup or not.

MinimizeOnConnect 

This preference allows the user to select if the GUI should minimize when the connection is established

LocalLanAccess 

This preference will provide a mechanism where the user can disable access to their Local LAN.

DisableCaptivePortalDetection 

This preference will provide a mechanism where the user can disable captive portal detection.

AutoReconnect 

First control of the reconnect behavior. If the client becomes disconnected for any reason, a reconnect attempt is made.

AutoReconnectBehavior 

Second control of the reconnect behavior, applied when coming out of suspend/hibernate/standby mode. Options are disconnect on suspend and reconnect after suspend.

SuspendOnConnectedStandby 

This setting controls whether the VPN tunnel is suspended when the system enters the Connected Standby mode. It applies only to Windows 8 and above.

UseStartBeforeLogon 

This preference allows an administrator to control the use of the Start Before Logon feature. The preference can be set to true (on) or false (off).

AutoUpdate 

Once the Downloader has loaded the profile, it can check the AutoUpdate preference to see if updates are either disabled or enabled

RSASecurIDIntegration 

This preference will enable the administrator and possibly end user to select the preferred method of managing their SDI PIN and PASSCODE interactions. Options are Automatic (default), SoftwareTokens and HardwareTokens.

WindowsLogonEnforcement 

This preference allows an administrator to control if more than one user may be logged into the client PC during the VPN connection (Windows only).

WindowsVPNEstablishment 

This preference allows an administrator to control whether or not remote users may initiate a VPN connection (Windows only).

LinuxLogonEnforcement 

This preference allows an administrator to control if more than one user may be logged into the client PC during the VPN connection (Linux only).

LinuxVPNEstablishment 

This preference allows an administrator to control whether or not remote users may initiate a VPN connection (Linux only).

ProxySettings 

This preference allows an administrator to control how user's proxy setups are handled.

AllowLocalProxyConnections 

This preference allows the administrator to control whether to allow establishing a connection through a local proxy.

PPPExclusion 

This preference allows an administrator to control the policy used to exclude routes to PPP servers when connecting over L2TP or PPTP. Options are Automatic (default), Disable, and Override.

PPPExclusionServerIP 

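When PPPExclusion is set to Manual (the PPPExclusion entry lists its options as Automatic, Disable, and Override, so this appears to refer to Override), the value of this preference allows an end user to specify the address of a PPP server that should be excluded from tunnel traffic.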

AutomaticVPNPolicy 

This preference allows an administrator to define a policy to automatically manage when a VPN connection should be started or stopped.

TrustedNetworkPolicy 

This preference allows an administrator to define a policy for users in trusted networks. The options are: Disconnect or DoNothing.

UntrustedNetworkPolicy 

This preference allows an administrator to define a policy for users in untrusted networks. The options are: Connect or DoNothing.

BypassConnectUponSessionTimeout 

This preference allows an administrator the ability to instruct the client to bypass the automatic connection retry after a VPN session timeout.

TrustedDNSDomains 

This preference defines a list of comma separated DNS suffixes that a network interface in a trusted network might have.

TrustedDNSServers 

This preference defines a list of comma separated DNS servers that a network interface in a trusted network might have.

TrustedHttpsServerList 

This preference defines a list of comma separated https servers reachable only via a trusted network.

AlwaysOn 

This preference governs VPN reestablishment after interruptions

ConnectFailurePolicy 

This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure. It is a component of AlwaysOn

AllowCaptivePortalRemediation 

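This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure. It is a component of AlwaysOn. (This text repeats the ConnectFailurePolicy description and does not itself describe captive portal remediation.)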

CaptivePortalRemediationTimeout 

This preference allows the network administrator to impose a time limit for captive portal remediation when the ConnectFailurePolicy value is Closed. It is a component of AlwaysOn.

ApplyLastVPNLocalResourceRules 

This preference gives the network administrator the ability to allow split routes and firewall rules to be applied following a VPN connection establishment failure when the ConnectFailurePolicy value is Closed. It is a component of AlwaysOn.

AllowVPNDisconnect 

During Always On, this specifies that the user is allowed to disconnect the VPN session.

AllowedHosts 

During Always On, user has access to the specified hosts when VPN is disconnected.

EnableScripting 

This preference allows an administrator to enable scripting (on connect or on disconnect).

TerminateScriptOnNextEvent 

This preference dictates whether or not AnyConnect will terminate a running script process if a transition to another scriptable event occurs.

EnablePostSBLOnConnectScript 

This preference is used to control whether or not the OnConnect script will be launched from the desktop GUI when a tunnel has been established via SBL.

AutomaticCertSelection 

This preference dictates whether or not to disable the default automatic certificate selection for user certificates. If disabled, a certificate selection dialog is displayed. This only applies if the GUI is enabled and not SBL. This only applies to Windows (not WinMobile).

RetainVpnOnLogoff 

First control of the logoff behavior. This preference allows an administrator to control if the VPN is terminated or retained after user logs off.

UserEnforcement 

Second control of the logoff behavior, applied when the VPN connection has been retained after the user logged off. Controls which user can log in and keep the VPN connection. Options are same user only and any user.

DeviceLockRequired 

This preference indicates whether or not a Windows Mobile device must be configured with a password or PIN prior to establishing a VPN connection. This configuration is only valid on Windows Mobile devices that use the Microsoft Default Local Authentication Provider (LAP).

DeviceLockMaximumTimeoutMinutes 

When set to a non-negative number, this preference specifies the maximum number of minutes a device can be inactive before device lock takes effect. (WM5/WM5AKU2+)

DeviceLockMinimumPasswordLength 

When set to a non-negative number, this preference specifies that any PIN/password used for device lock must be equal to or longer than the specified value, in characters. This setting must be pushed down to the mobile device by syncing with an Exchange server before it can be enforced. (WM5AKU2+)

DeviceLockPasswordComplexity 

This preference checks whether or not the password belongs to one of three subtypes: alpha, pin, strong

EnableAutomaticServerSelection 

Automatic server selection will automatically select the optimal secure gateway for the endpoint

AutoServerSelectionImprovement 

During a reconnection attempt after a system resume, this setting specifies the minimum estimated performance improvement required to justify transitioning a user to a new server. This value is a percentage in the range 0..100.

AutoServerSelectionSuspendTime 

During a reconnection attempt after a system resume, this specifies the minimum time a user must have been suspended in order to justify a new server selection calculation. Unit is hours

AuthenticationTimeout 

Time, in seconds, that the client waits for authentication to be completed.

SafeWordSofTokenIntegration 

This preference will enable the administrator and possibly the end user to enable SafeWord SofToken integration. Options are Enabled (true) and Disabled (false - default).

AllowIPsecOverSSL 

If 'true', tunneling of IPsec over SSL is made possible with help from the ASA.

ClearSmartcardPin 

This preference controls whether the smartcard pin will be cleared on a successful connection

IPProtocolSupport 

This preference controls which protocol(s) will be allowed for the connection

CaptivePortalRemediationBrowserFailover 

This preference is applicable to enhanced captive portal remediation and specifies whether the user is allowed to opt for an external browser for remediation, as opposed to the AnyConnect browser.

AllowManualHostInput 

This preference specifies whether the user is allowed to type a new hostname in the VPN edit box.

BlockUntrustedServers 

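This preference specifies whether the user wants to allow connections to secure gateways that present certificates with errors. Going by its name, enabling the preference blocks such connections; the text here does not state the polarity explicitly.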

PublicProxyServerAddress 

This preference specifies the public proxy server address to be used. The value is in the format ServerAddr:ServerPort (ex. 101.89.85.444:8080) or just the FQDN.

CertificatePinning 

This preference specifies whether Certificate Pinning check should be performed during server certificate verification.

275 {
276  ServiceDisable, /**< This preference disable the VPN service.
277  If more than one profile exists and any one
278  profile has VPN enabled, then it will be
279  enabled. False is the default. */
280  CertificateStoreOverride,/**< This preference will trigger an alternate
281  authentication sequence in the API. The
282  preference is only settable by an
283  administrator. */
284  CertificateStore, /**< This preference indicates which Windows certificate
285  store AnyConnect should look in for client certificates.
286  The options are All, Machine and User with a default of All.
287  The preference is only settable by an administrator. */
288  CertificateStoreMac, /**< This preference indicates which macOS keychain
289  AnyConnect should look in for client certificates.
290  The options are All, System and Login with a default of All.
291  The preference is only settable by an administrator. */
292  CertificateStoreLinux, /**< This preference indicates which Linux certificate
293  store AnyConnect should look in for client certificates.
294  The options are All, Machine and User with a default of All.
295  The preference is only settable by an administrator. */
296  ShowPreConnectMessage, /**< The ShowPreConnectMessage preference gives the
297  administrator the ability to display an AnyConnect
298  startup banner message. The message will appear
299  only once per AnyConnect program start. The
300  preference is only settable by an
301  administrator. */
302  AutoConnectOnStart, /**< This preference allows the user to select
303  whether to establish a connection automatically
304  on startup or not. */
305  MinimizeOnConnect, /**< This preference allows the user to select if
306  the GUI should minimize when the connection is
307  established */
308  LocalLanAccess, /**< This preference will provide a mechanism where
309  the user can disable access to their Local LAN. */
310  DisableCaptivePortalDetection, /**<This preference will provide a mechanism where
311  the user can disable captive portal detection.*/
312  AutoReconnect, /**< First control of the reconnect behavior. If the
313  client becomes disconnected for any reason, a
314  reconnect attempt is made. */
315  AutoReconnectBehavior, /**< Second control of the reconnect behavior. When
316  coming out of suspend/hibernate/standby mode.
317  Options are disconnect on suspend and reconnect
318  after suspend. */
319  SuspendOnConnectedStandby, /**< This setting allows to control whether the VPN tunnel
320  is suspended when the system enters the Connected Standby
321  mode. It applies only to Windows 8 and above. */
322  UseStartBeforeLogon, /**< This preference allows an administrator to
323  control the use of the Start Before Logon
324  feature. The preference can be set to true (on)
325  or false (off). */
326  AutoUpdate, /**< Once the Downloader has loaded the profile, it
327  can check the AutoUpdate preference to see if
328  updates are either disabled or enabled */
329  RSASecurIDIntegration, /**< This preference will enable the administrator
330  and possibly end user to select the preferred
331  method of managing their SDI PIN and PASSCODE
332  interactions. Options are Automatic (default),
333  SoftwareTokens and HardwareTokens. */
334  WindowsLogonEnforcement,/**< This preference allows an administrator to
335  control if more than one user may be logged into
336  the client PC during the VPN connection (Windows
337  only). */
338  WindowsVPNEstablishment,/**< This preference allows an administrator to
339  control whether or not remote users may initiate
340  a VPN connection (Windows only). */
341  LinuxLogonEnforcement, /**< This preference allows an administrator to
342  control if more than one user may be logged into
343  the client PC during the VPN connection (Linux
344  only). */
345  LinuxVPNEstablishment, /**< This preference allows an administrator to
346  control whether or not remote users may initiate
347  a VPN connection (Linux only). */
348  ProxySettings, /**< This preference allows an administrator to
349  control how user's proxy setups are handled.*/
350  AllowLocalProxyConnections, /**< This preference allows the administrator to control
351  whether to allow establishing a connection through
352  a local proxy. */
353  PPPExclusion, /**< This preference allows an administrator to control
354  the policy used to exclude routes to
355  PPP servers when connecting over L2TP or PPTP.
356  Options are Automatic (default), Disable,
357  and Override. */
358  PPPExclusionServerIP, /**< When PPPExclusion is set to Manual,
359  the value of this preference allows an
360  end user to specify the address of a
361  PPP server that should be excluded
362  from tunnel traffic. */
363  AutomaticVPNPolicy, /**< This preference allows an administrator to
364  define a policy to automatically manage when a
365  VPN connection should be started or stopped. */
366  TrustedNetworkPolicy, /**< This preference allows an administrator to
367  define a policy for users in trusted networks.
368  The options are: Disconnect or DoNothing. */
369  UntrustedNetworkPolicy, /**< This preference allows an administrator to
370  define a policy for users in untrusted networks.
371  The options are: Connect or DoNothing. */
372  BypassConnectUponSessionTimeout, /**< This preference allows an administrator
373  the ability to instruct the client to bypass the
374  automatic connection retry after a VPN session timeout. */
375  TrustedDNSDomains, /**< This preference defines a list of comma
376  separated DNS suffixes that a network interface
377  in a trusted network might have. */
378  TrustedDNSServers, /**< This preference defines a list of comma
379  separated DNS servers that a network interface
380  in a trusted network might have. */
381  TrustedHttpsServerList, /**< This preference defines a list of comma separated
382  https servers reachable only via a trusted network.*/
383  AlwaysOn, /**< This preference governs VPN reestablishment after
384  interruptions */
385  ConnectFailurePolicy, /**< This preference gives the network administrator
386  the ability to dictate the network access allowed
387  by the client endpoint device following a VPN
388  connection establishment failure. It is a component
389  of AlwaysOn */
390  AllowCaptivePortalRemediation, /**< This preference gives the network administrator
391  the ability to dictate the network access
392  allowed by the client endpoint device following
393  a VPN connection establishment failure it is a
394  component of AlwaysOn */
395  CaptivePortalRemediationTimeout, /**< This preference allows the network administrator
396  the ability to impose a time limit for captive portal
397  remediation when the ConnectFailurePolicy value is Closed
398  It is a component of AlwaysOn */
399  ApplyLastVPNLocalResourceRules, /**< This preference gives the network administrator
400  the ability to allow split routes and firewall rules
401  to be applied following a VPN connection establishment
402  failure when the ConnectFailurePolicy value is Closed
403  It is a component of AlwaysOn */
404  AllowVPNDisconnect, /**< During Always On, this specifies that the user is allowed to
405  disconnect the VPN session. */
406  AllowedHosts, /**< During Always On, user has access to the specified hosts
407  when VPN is disconnected. */
408  EnableScripting, /**< This preference allows an administrator to
409  enable scripting (on connect or on
410  disconnect). */
411  TerminateScriptOnNextEvent, /**< This preference dictates whether or not
412  AnyConnect will terminate a running script
413  process if a transition to another
414  scriptable event occurs. */
415  EnablePostSBLOnConnectScript, /**< This preference is used to control whether
416  or not the OnConnect script will be launched
417  from the desktop GUI when a tunnel has been
418  established via SBL. */
419  AutomaticCertSelection, /**< This preference dictates whether or not to disable
420  the default automatic certificate selection for user
421  certificates. If disabled, a certificate selection dialog is
422  displayed. This only applies if the GUI is enabled
423  and not SBL. This only applies to Windows (not WinMobile). */
424  RetainVpnOnLogoff, /**< First control of the logoff behavior. This preference allows
425  an administrator to control if the VPN is terminated or retained
426  after user logs off.*/
427  UserEnforcement, /**< Second control of the logoff behavior. When the VPN connection has
428  been retained after user logged off. Controls what user can log in
429  and keep the VPN connection. Options are same user only and any user. */
430  DeviceLockRequired, /**< This preference indicates whether or not
431  a Windows Mobile device must be configured
432  with a password or PIN prior to establishing
433  a VPN connection. This configuration is
434  only valid on Windows Mobile devices that
435  use the Microsoft Default Local
436  Authentication Provider (LAP). */
437  DeviceLockMaximumTimeoutMinutes, /**< When set to a non-negative number,
438  this preference specifies the maximum
439  number of minutes a device can be
440  inactive before device lock takes
441  into effect. (WM5/WM5AKU2+) */
442  DeviceLockMinimumPasswordLength, /**< When set to a non-negative number,
443  this preference specifies that any
444  PIN/password used for device lock
445  must be equal to or longer than
446  the specified value, in characters.
447  This setting must be pushed down to
448  the mobile device by syncing with
449  an Exchange server before it can be
450  enforced. (WM5AKU2+) */
451  DeviceLockPasswordComplexity, /**< This preference checks whether or
452  not the password belongs to one of
453  three subtypes: alpha, pin, strong */
454  EnableAutomaticServerSelection, /**< Automatic server selection will
455  automatically select the optimal
456  secure gateway for the endpoint */
457  AutoServerSelectionImprovement, /**< During a reconnection attempt after
458  a system resume, this setting
459  specifies the minimum estimated
460  performance improvement required to
461  justify transitioning a user to a new server
462  This value represents percentage in 0..100 */
463  AutoServerSelectionSuspendTime, /**< During a reconnection attempt after
464  a system resume, this specifies the
465  minimum time a user must have been
466  suspended in order to justify a new
467  server selection calculation. Unit is hours */
468  AuthenticationTimeout, /**< Time, in seconds, that the client waits
469  for authentication to be completed.*/
470  SafeWordSofTokenIntegration, /**< This preference will enable the administrator and possibly
471  the end user to enable SafeWord SofToken integration.
472  Options are Enabled (true) and Disabled (false - default). */
473  AllowIPsecOverSSL, /**< if 'true' then tunneling of IPSEC over SSL
474  is made possible with help from the ASA.
475  */
476  ClearSmartcardPin, /**< This preference controls whether the smartcard pin
477  will be cleared on a successful connection*/
478  IPProtocolSupport, /**< This preference controls which protocol(s) will be
479  allowed for the connection*/
480  CaptivePortalRemediationBrowserFailover, /**< This preference is applicable to enhanced captive portal
481  remediation and specifies whether the user is allowed to
482  opt for an external browser for remediation, as opposed to
483  the AnyConnect browser. */
484  AllowManualHostInput, /**< This preference specifies whether the user
485  is allowed to type a new hostname in the VPN
486  edit box. */
487  BlockUntrustedServers, /**< This preference specifies whether the user wants
488  to allow for connections to secure gateways with
489  certificate errors. */
490  PublicProxyServerAddress, /**< This preference specifies the public proxy server
491  address to be used. This number is in the format
492  ServerAddr:ServerPort (ex. 101.89.85.444:8080)
493  or just the FQDN. */
494  CertificatePinning, /**< This preference specifies whether Certificate Pinning
495  check should be performed during server certificate
496  verification. */
497  UnknownPreference
498 };

Indicates the scope of the preferences contained in a PreferenceInfo object

Enumerator
User 

Indicates that the preferences were set by a user

Global 

Indicates that the preferences are global

UserAndGlobal 

Indicates that we have both user and global preferences

// Scope of the preferences contained in a PreferenceInfo object. The enumerators
// have no initializers, so they number 0, 1, 2 in declaration order.
508 {
509  User, /**< Indicates that the preferences were set by a user */
510  Global, /**< Indicates that the preferences are global */
511  UserAndGlobal /**< Indicates that we have both user and global preferences */
512 };
enum PromptType

Indicates the prompt or credential type.

Enumerator
Prompt_Input 

label and value.

Prompt_Password 

label and value, indicates user response should be masked.

Prompt_Banner 

value (the banner) with no label set.

Prompt_Combo 

list of choice options.

Prompt_Header 

label intended as header and with value.

Prompt_Hidden 

hidden value, should be ignored and left unchanged in response.

Prompt_CheckBox 

label and value (constrained to true or false)

Prompt_SSO 

single sign-on authentication token prompt

// Prompt or credential type. Per the descriptions below, Prompt_Password carries a
// response that should be masked and Prompt_SSO a single sign-on authentication
// token, so code handling these prompts should keep their values out of logs and
// diagnostics.
249  { Prompt_Input, /**< label and value. */
250  Prompt_Password, /**< label and value, indicates user
251  response should be masked. */
252  Prompt_Banner, /**< value (the banner) with no label set. */
253  Prompt_Combo, /**< list of choice options. */
254  Prompt_Header, /**< label intended as header and with
255  value. */
256  Prompt_Hidden, /**< hidden value, should be ignored and
257  left unchanged in response. */
258  Prompt_CheckBox, /**< label and value (constrained to true or false) */
259  Prompt_SSO /**< single sign-on authentication token prompt */
260 };

Identifies the type of token that was used successfully when SDI Authentication is in use.

// Type of token that was used successfully when SDI Authentication is in use.
// NOTE(review): the enumerators carry no descriptions in the original; the
// meanings below are read from the names -- confirm.
123 {
124  SDITT_NONE, /**< presumably: no SDI token was used */
125  SDITT_HARDWARE, /**< presumably: a hardware token was used */
126  SDITT_SOFTWARE /**< presumably: a software token was used */
127 };
enum VPNError

Indicates the last error seen by the API in this connection attempt.

Enumerator
VPNSuccess 

No error has occurred.

VPNError_Generic_FatalError 

An error of unknown type has occurred

VPNError_Connection_Error 

An unknown connection error has occurred, such as bad hostname, bad group, etc.

VPNError_Connection_InvalidGroupURL 

Invalid Group URL specified in the server address

VPNError_Network_Error 

An unknown network error has occurred, such as DNS resolution error, unable to open socket, routing error, captive portal, etc.

VPNError_Authentication_Error 

An unknown user authentication error has occurred.

VPNError_Authentication_DAP_Terminate 

Access Denied: Your system does not meet policy requirements (DAP).

VPNError_ClientCertificate_UnknownError 

An unknown client certificate error has occurred.

VPNError_ClientCertificate_Missing 

A client certificate is required but no client certificate has been found on the system.

VPNError_ClientCertificate_Expired 

The client certificate has expired

VPNError_ClientCertificate_NotYetValid 

The client certificate is not yet valid.

VPNError_ServerCertificate_UnknownError 

An unknown error has occurred when validating the server certificate.

VPNError_ServerCertificate_Expired 

The server certificate has expired.

VPNError_ServerCertificate_NotYetValid 

The server certificate is not yet valid.

// Last error seen by the API in the current connection attempt. Values are grouped
// by category in steps of 100: connection (100), network (200), authentication
// (300), client certificate (400), server certificate (500). An enumerator without
// an initializer is the previous one plus one, e.g.
// VPNError_Connection_InvalidGroupURL is 101 and VPNError_ServerCertificate_Expired
// is 501.
575 {
576  VPNSuccess = 0, /**< No error has occurred. */
577  VPNError_Generic_FatalError = 1, /**< An error of unknown type has
578  occurred */
579 
580  VPNError_Connection_Error = 100, /**< An unknown connection error has
581  occurred, such as bad hostname, bad
582  group, etc. */
583  VPNError_Connection_InvalidGroupURL, /**< Invalid Group URL specified in the
584  server address */
585 
586  VPNError_Network_Error = 200, /**< An unknown network error has
587  occurred, such as DNS resolution
588  error, unable to open socket,
589  routing error, captive portal,
590  etc. */
591 
592  VPNError_Authentication_Error = 300, /**< An unknown user authentication
593  error has occurred. */
594 
595  VPNError_Authentication_DAP_Terminate, /**< Access Denied: Your system does
596  not meet policy requirements (DAP). */
597 
598  VPNError_ClientCertificate_UnknownError = 400, /**< An unknown client
599  certificate error has
600  occurred. */
601  VPNError_ClientCertificate_Missing, /**< A client certificate is required
602  but no client certificate has been
603  found on the system. */
604  VPNError_ClientCertificate_Expired, /**< The client certificate has expired */
605  VPNError_ClientCertificate_NotYetValid, /**< The client certificate is not
606  yet valid. */
607 
608  VPNError_ServerCertificate_UnknownError = 500, /**< An unknown error has
609  occurred when validating
610  the server certificate. */
611  VPNError_ServerCertificate_Expired, /**< The server certificate has
612  expired. */
613  VPNError_ServerCertificate_NotYetValid /**< The server certificate is not
614  yet valid. */
615 };
enum VPNState

Provides the current state of the VPN tunnel.

Enumerator
CONNECTED 

VPN is active

DISCONNECTED 

VPN is inactive

CONNECTING 

VPN is being established

DISCONNECTING 

VPN is being terminated

RECONNECTING 

VPN is being re-connected. This state can occur due to network or other temporary problems. The state indicates that the VPN is temporarily unavailable and indicates the connection is being re-established.

PAUSING 

VPN is being paused.

PAUSED 

VPN is paused.

SSOPOLLING 

API is doing auth-poll, VPN is disconnected.

// Current state of the VPN tunnel. Only CONNECTED is described as active; callers
// that gate traffic or UI indicators on tunnel state should treat every other
// value, UNKNOWN included, as not protected. The STATE_* constants are defined
// outside this listing (presumably in GlobalEnums.h, which api.h includes --
// confirm).
136 {
137  CONNECTED = STATE_CONNECTED, /**< VPN is active */
138  DISCONNECTED = STATE_DISCONNECTED, /**< VPN is inactive */
139  CONNECTING = STATE_CONNECTING, /**< VPN is being established */
140  DISCONNECTING = STATE_DISCONNECTING, /**< VPN is being terminated */
141  RECONNECTING = STATE_RECONNECTING, /**< VPN is being re-connected. This state
142  can occur due to network or other
143  temporary problems. The state
144  indicates that the VPN is temporarily
145  unavailable and indicates the
146  connection is being re-established. */
147  PAUSING = STATE_PAUSING, /**< VPN is being paused. */
148  PAUSED = STATE_PAUSED, /**< VPN is paused. */
149  SSOPOLLING = STATE_SSOPOLLING, /**< API is doing auth-poll, VPN is disconnected. */
150  UNKNOWN = ~0 /**< all bits set (bitwise NOT of 0); not described in the original */
151 };

Provides the current sub-state of the VPN tunnel.

// Current sub-state of the VPN tunnel. Each VPNSS_* enumerator takes the value of
// the VCSS_* constant with the same suffix; those constants are defined outside
// this listing (presumably in GlobalEnums.h, which api.h includes -- confirm).
// NOTE(review): the enumerators carry no descriptions; "MT" presumably stands for
// management tunnel -- confirm before relying on the VPNSS_MT_* values.
160 {
161  VPNSS_NORMAL = VCSS_NORMAL,
162  VPNSS_INDEFINITE_DELAY = VCSS_INDEFINITE_DELAY,
163  VPNSS_SESSION_EXPIRING = VCSS_SESSION_EXPIRING,
164  VPNSS_MT_DISCONNECTED_DISABLED = VCSS_MT_DISCONNECTED_DISABLED,
165  VPNSS_MT_DISCONNECTED_TRUSTED_NW = VCSS_MT_DISCONNECTED_TRUSTED_NW,
166  VPNSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE= VCSS_MT_DISCONNECTED_USER_TUNNEL_ACTIVE,
167  VPNSS_MT_DISCONNECTED_LAUNCH_FAILED = VCSS_MT_DISCONNECTED_LAUNCH_FAILED,
168  VPNSS_MT_DISCONNECTED_CONNECT_FAILED = VCSS_MT_DISCONNECTED_CONNECT_FAILED,
169  VPNSS_MT_DISCONNECTED_BAD_VPN_CONFIG = VCSS_MT_DISCONNECTED_BAD_VPN_CONFIG,
170  VPNSS_MT_DISCONNECTED_SW_UP_PENDING = VCSS_MT_DISCONNECTED_SW_UP_PENDING,
171  VPNSS_MTU_ADJUSTMENT_PENDING = VCSS_MTU_ADJUSTMENT_PENDING
172 };
enum WMHint

WMHint provides a hint for the GUI to either minimize or un-minimize.

Enumerator
MINIMIZE 

hint to minimize GUI

OPEN 

hint to un-minimize GUI

QUIT 

hint that GUI should close.

See Also
WMHintReason
REFRESHHOSTNAMES 

hint to refresh the list of secure gateways

REFRESHPREFS 

hint to refresh the preferences

SHOWCONNECTING 

hint to display "connecting" status

CLOSECREDENTIALPOPUP 

hint to close the credentials popup

// Hint to the GUI: minimize, un-minimize or close, refresh the gateway list or
// preferences, show "connecting" status, or close the credentials popup. The
// enumerators have no initializers, so they number from 0 in declaration order.
182 {
183  MINIMIZE, /**< hint to minimize GUI */
184  OPEN, /**< hint to un-minimize GUI */
185  QUIT, /**< hint that GUI should close. @see WMHintReason */
186  REFRESHHOSTNAMES,/**< hint to refresh the list of secure gateways */
187  REFRESHPREFS, /**< hint to refresh the preferences */
188  SHOWCONNECTING, /**< hint to display "connecting" status */
189  CLOSECREDENTIALPOPUP, /**< hint to close the credentials popup */
190 };

WMHintReason provides a reason indicator for the WMHint

Enumerator
SECONDGUISTART 

Indicates a second GUI has been launched. This indicator is used to suggest that the GUI already running be OPENed and that the first one should exit.

PROXYREQUEST 

Proxy credential request can be for web-launch or standalone-initiated connections.

SERVICEFAILURE 

This tag is used when the VPN service is no longer available.

DISCONNECT 

Any disconnect notices should be seen by the user.

SERVICESTOPPED 

This tag will be used in cases where the VPN service has been stopped.

CONNECT 

Tag indicating an action to be taken due to connect, for example a request to minimize the UI.

// Reason indicator that accompanies a WMHint. The enumerators have no
// initializers, so they number from 0 in declaration order.
201 {
202  SECONDGUISTART, /**< Indicates a second GUI has been launched. This
203  indicator is used to suggest that the GUI
204  already running be OPENed and that the first one
205  should exit. */
206  PROXYREQUEST, /**< Proxy credential request can be for web-launch or
207  standalone-initiated connections. */
208  SERVICEFAILURE, /**< This tag is used when the VPN service
209  is no longer available. */
210  DISCONNECT, /**< Any disconnect notices should be seen by the user. */
211  SERVICESTOPPED, /**< This tag will be used in cases where the VPN service
212  has been stopped. */
213  CONNECT, /**< Tag indicating an action to be taken due to connect,
214  for example a request to minimize the UI. */
215  REASONUNKNOWN /**< no description in the original; by name, the reason is unknown -- confirm */
216 };