Add AnyConnect Custom Attributes Objects

Before you begin

Ensure that you have done the following before adding a custom attribute object for Per App VPN:
  • Per App VPN must be properly configured via MDM, and each device must be enrolled to the MDM server.

  • Create a base64-encoded string for each app using the Cisco AnyConnect Enterprise Application Selector Tool.

    1. Download the Cisco AnyConnect Enterprise Application Selector Tool from here.

    2. Open the Application Selector Tool and select the mobile platform from the drop-down menu located on the upper left.

    3. Add a rule by entering a Friendly name and App ID; the rest of the fields are optional.

    4. On the menu bar, click Policy. The rule is displayed as a base64-encoded string.

    5. Select and copy the policy string, and save it to use later when you create the AnyConnect Custom Attributes object.

Procedure


Step 1

Choose Objects > Object Management > VPN > Custom Attributes.

Step 2

Click Add AnyConnect Custom Attributes.

Step 3

Enter a Name and optionally a Description for the attribute.

Step 4

Select an AnyConnect Attribute from the list:

  • Per App VPN—Select this option and specify the base64-encoded string in the Attribute Value box.

  • Allow Defer Update—Select one of the following options and specify the required information to allow or defer AnyConnect client update:

    • Show the prompt until user takes action—Display the prompt to the VPN user until the user chooses to allow or defer the VPN client update.

    • Show the prompt until times out—Choose this option to display the prompt for a specified duration and specify the duration in the Timeout box.

    • Do not show the prompt and take automatic action—Choose this option to automatically allow or defer the VPN update.

    • Default Action—Select the default action to be taken when the user does not respond, or when you want to configure an automatic action without the user's intervention. You can choose to update the AnyConnect client or postpone the update.

    • Minimum Version—Specify the minimum AnyConnect version to be present on the client system to allow or defer the update.

  • Dynamic Split Tunneling—Select this option to include or exclude IP addresses or networks from the VPN tunnel.

    • Include domains—Specify domain names that will be included in the remote access VPN tunnel.

    • Exclude domains—Specify domain names that will be excluded from the remote access VPN tunnel.

Step 5

Select the Allow Overrides check box to allow object overrides.

Step 6

Click Save.

The custom attributes object is added to the list.

What to do next

Associate the custom attributes with a group policy. See Add Custom Attributes to a Group Policy.