Enumerator |
---|
ServiceDisable |
This preference disable the VPN service. If more than one profile exists and any one profile has VPN enabled, then it will be enabled. False is the default.
|
CertificateStoreOverride |
This preference will trigger an alternate authentication sequence in the API. The preference is only settable by an administrator.
|
CertificateStore |
This preference indicates which Windows certificate store AnyConnect should look in for client certificates. The options are All, Machine and User with a default of All. The preference is only settable by an administrator.
|
CertificateStoreMac |
This preference indicates which macOS keychain AnyConnect should look in for client certificates. The options are All, System and Login with a default of All. The preference is only settable by an administrator.
|
CertificateStoreLinux |
This preference indicates which Linux certificate store AnyConnect should look in for client certificates. The options are All, Machine and User with a default of All. The preference is only settable by an administrator.
|
ShowPreConnectMessage |
The ShowPreConnectMessage preference gives the administrator the ability to display an AnyConnect startup banner message. The message will appear only once per AnyConnect program start. The preference is only settable by an administrator.
|
AutoConnectOnStart |
This preference allows the user to select whether to establish a connection automatically on startup or not.
|
MinimizeOnConnect |
This preference allows the user to select if the GUI should minimize when the connection is established
|
LocalLanAccess |
This preference will provide a mechanism where the user can disable access to their Local LAN.
|
DisableCaptivePortalDetection |
This preference will provide a mechanism where the user can disable captive portal detection.
|
AutoReconnect |
First control of the reconnect behavior. If the client becomes disconnected for any reason, a reconnect attempt is made.
|
AutoReconnectBehavior |
Second control of the reconnect behavior. When coming out of suspend/hibernate/standby mode. Options are disconnect on suspend and reconnect after suspend.
|
SuspendOnConnectedStandby |
This setting allows to control whether the VPN tunnel is suspended when the system enters the Connected Standby mode. It applies only to Windows 8 and above.
|
UseStartBeforeLogon |
This preference allows an administrator to control the use of the Start Before Logon feature. The preference can be set to true (on) or false (off).
|
AutoUpdate |
Once the Downloader has loaded the profile, it can check the AutoUpdate preference to see if updates are either disabled or enabled
|
RSASecurIDIntegration |
This preference will enable the administrator and possibly end user to select the preferred method of managing their SDI PIN and PASSCODE interactions. Options are Automatic (default), SoftwareTokens and HardwareTokens.
|
WindowsLogonEnforcement |
This preference allows an administrator to control if more than one user may be logged into the client PC during the VPN connection (Windows only).
|
WindowsVPNEstablishment |
This preference allows an administrator to control whether or not remote users may initiate a VPN connection (Windows only).
|
LinuxLogonEnforcement |
This preference allows an administrator to control if more than one user may be logged into the client PC during the VPN connection (Linux only).
|
LinuxVPNEstablishment |
This preference allows an administrator to control whether or not remote users may initiate a VPN connection (Linux only).
|
ProxySettings |
This preference allows an administrator to control how user's proxy setups are handled.
|
AllowLocalProxyConnections |
This preference allows the administrator to control whether to allow establishing a connection through a local proxy.
|
PPPExclusion |
This preference allows an administrator to control the policy used to exclude routes to PPP servers when connecting over L2TP or PPTP. Options are Automatic (default), Disable, and Override.
|
PPPExclusionServerIP |
When PPPExclusion is set to Manual, the value of this preference allows an end user to specify the address of a PPP server that should be excluded from tunnel traffic.
|
AutomaticVPNPolicy |
This preference allows an administrator to define a policy to automatically manage when a VPN connection should be started or stopped.
|
TrustedNetworkPolicy |
This preference allows an administrator to define a policy for users in trusted networks. The options are: Disconnect or DoNothing.
|
UntrustedNetworkPolicy |
This preference allows an administrator to define a policy for users in untrusted networks. The options are: Connect or DoNothing.
|
BypassConnectUponSessionTimeout |
This preference allows an administrator the ability to instruct the client to bypass the automatic connection retry after a VPN session timeout.
|
TrustedDNSDomains |
This preference defines a list of comma separated DNS suffixes that a network interface in a trusted network might have.
|
TrustedDNSServers |
This preference defines a list of comma separated DNS servers that a network interface in a trusted network might have.
|
TrustedHttpsServerList |
This preference defines a list of comma separated https servers reachable only via a trusted network.
|
AlwaysOn |
This preference governs VPN reestablishment after interruptions
|
ConnectFailurePolicy |
This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure. It is a component of AlwaysOn
|
AllowCaptivePortalRemediation |
This preference gives the network administrator the ability to dictate the network access allowed by the client endpoint device following a VPN connection establishment failure it is a component of AlwaysOn
|
CaptivePortalRemediationTimeout |
This preference allows the network administrator the ability to impose a time limit for captive portal remediation when the ConnectFailurePolicy value is Closed It is a component of AlwaysOn
|
ApplyLastVPNLocalResourceRules |
This preference gives the network administrator the ability to allow split routes and firewall rules to be applied following a VPN connection establishment failure when the ConnectFailurePolicy value is Closed It is a component of AlwaysOn
|
AllowVPNDisconnect |
During Always On, this specifies that the user is allowed to disconnect the VPN session.
|
AllowedHosts |
During Always On, user has access to the specified hosts when VPN is disconnected.
|
EnableScripting |
This preference allows an administrator to enable scripting (on connect or on disconnect).
|
TerminateScriptOnNextEvent |
This preference dictates whether or not AnyConnect will terminate a running script process if a transition to another scriptable event occurs.
|
EnablePostSBLOnConnectScript |
This preference is used to control whether or not the OnConnect script will be launched from the desktop GUI when a tunnel has been established via SBL.
|
AutomaticCertSelection |
This preference dictates whether or not to disable the default automatic certificate selection for user certificates. If disabled, a certificate selection dialog is displayed. This only applies if the GUI is enabled and not SBL. This only applies to Windows (not WinMobile).
|
RetainVpnOnLogoff |
First control of the logoff behavior. This preference allows an administrator to control if the VPN is terminated or retained after user logs off.
|
UserEnforcement |
Second control of the logoff behavior. When the VPN connection has been retained after user logged off. Controls what user can log in and keep the VPN connection. Options are same user only and any user.
|
DeviceLockRequired |
This preference indicates whether or not a Windows Mobile device must be configured with a password or PIN prior to establishing a VPN connection. This configuration is only valid on Windows Mobile devices that use the Microsoft Default Local Authentication Provider (LAP).
|
DeviceLockMaximumTimeoutMinutes |
When set to a non-negative number, this preference specifies the maximum number of minutes a device can be inactive before device lock takes into effect. (WM5/WM5AKU2+)
|
DeviceLockMinimumPasswordLength |
When set to a non-negative number, this preference specifies that any PIN/password used for device lock must be equal to or longer than the specified value, in characters. This setting must be pushed down to the mobile device by syncing with an Exchange server before it can be enforced. (WM5AKU2+)
|
DeviceLockPasswordComplexity |
This preference checks whether or not the password belongs to one of three subtypes: alpha, pin, strong
|
EnableAutomaticServerSelection |
Automatic server selection will automatically select the optimal secure gateway for the endpoint
|
AutoServerSelectionImprovement |
During a reconnection attempt after a system resume, this setting specifies the minimum estimated performance improvement required to justify transitioning a user to a new server This value represents percentage in 0..100
|
AutoServerSelectionSuspendTime |
During a reconnection attempt after a system resume, this specifies the minimum time a user must have been suspended in order to justify a new server selection calculation. Unit is hours
|
AuthenticationTimeout |
Time, in seconds, that the client waits for authentication to be completed.
|
SafeWordSofTokenIntegration |
This preference will enable the administrator and possibly the end user to enable SafeWord SofToken integration. Options are Enabled (true) and Disabled (false - default).
|
AllowIPsecOverSSL |
if 'true' then tunneling of IPSEC over SSL is made possible with help from the ASA.
|
ClearSmartcardPin |
This preference controls whether the smartcard pin will be cleared on a successful connection
|
IPProtocolSupport |
This preference controls which protocol(s) will be allowed for the connection
|
CaptivePortalRemediationBrowserFailover |
This preference is applicable to enhanced captive portal remediation and specifies whether the user is allowed to opt for an external browser for remediation, as opposed to the AnyConnect browser.
|
AllowManualHostInput |
This preference specifies whether the user is allowed to type a new hostname in the VPN edit box.
|
BlockUntrustedServers |
This preference specifies whether the user wants to allow for connections to secure gateways with certificate errors.
|
PublicProxyServerAddress |
This preference specifies the public proxy server address to be used. This number is in the format ServerAddr:ServerPort (ex. 101.89.85.444:8080) or just the FQDN.
|
CertificatePinning |
This preference specifies whether Certificate Pinning check should be performed during server certificate verification.
|