User Guide for Cisco Security Manager 4.4
Chapter 29 Managing Remote Access VPNs: The Basics
Understanding Remote Access VPNs
Manually copy the files from the \csm folder on the active unit to the failover unit.
After deploying the policies to the active unit, force a failover and redeploy the policies to the
now-active unit.
• If you are using a VPN cluster for load balancing, the same supporting files must be deployed to all
devices in the cluster.
Cisco Secure Desktop (CSD) Packages
These packages are for ASA SSL VPNs. You select a package in the Dynamic Access policy. The
package you select must be compatible with the ASA operating system version running on the device.
When you create a Dynamic Access policy for an ASA device, the version number that is compatible
with the device’s operating system is displayed in the Version field.
You can find the CSD packages in Program Files\CSCOpx\files\vms\repository\. The file names are in
the form securedesktop-asa_k9-version.pkg or csd_version.pkg, where version is the CSD version
number such as 3.5.1077.
Following is the CSD compatibility with ASA versions for the CSD packages shipped with Security
• csd_3_6_181-3.6.181.pkg—ASA 8.4 or later.
• csd_3_5_2008-3.5.2008.pkg—ASA 8.0(4) or later.
• csd_3_5_2001-3.5.2001.pkg—ASA 8.0(4) or later.
• csd_3_5_1077-3.5.1077.pkg—ASA 8.0(4) or later.
• csd_3_5_841-3.5.841.pkg—ASA 8.0(4) or later.
• csd_3_4_2048-3.4.2048.pkg—ASA 8.0(4) or later.
• csd_3_4_1108-3.4.1108.pkg—ASA 8.0(4) or later.
• securedesktop_asa_k9-—ASA 8.0(3.1) or later.
• securedesktop_asa-k9-—ASA 8.0(3.1) or later.
• securedesktop-asa-k9-—ASA 8.0(3) or later.
• securedesktop-asa_k9-—ASA 8.0(2) or later.
For more information on CSD version compatibility with ASA versions, see the CSD release notes at
http://www.cisco.com/en/US/products/ps6742/prod_release_notes_list.html and Supported VPN
Platforms on Cisco.com.
For more information on creating Dynamic Access policies to specify the CSD, see Configuring Cisco
Secure Desktop Policies on ASA Devices, page 31-8.
AnyConnect Client Images
These images are for remote access SSL and IKEv2 IPsec VPNs hosted on an ASA. The AnyConnect
client is downloaded to the user’s PC and manages the client’s VPN connection. Security Manager
includes several AnyConnect images, which you can find in Program
Files\CSCOpx\files\vms\repository\. The package names indicate the workstation operating system and
the anyconnect release number in this general pattern:
anyconnect-client_OS_information-anyconnect_release.pkg. For example,
anyconnect-win-3.0.0610-k9-3.0.0610.pkg is the AnyConnect 3.0(0610) client for Windows
workstations. The k9 indicates that the package includes encryption. In this example, the AnyConnect
release number is repeated; in some file names, the release number appears once.