How do I configure the ASA so that when a client connects from a public computer, such as from a library, that the client will be removed from the PC upon logout and any resident information is scrubbed? What does the Anyconnect keep-installer command do?
I don't think you can control that remotely. Many public terminals will not even allow a guest user to install programs. Those that do often have third party software to wipe the image clean after logoff (independent of anything you as a provider of a remote service such as you are providing via AnyConnect).
"keep-installer" makes sure the intallation is permanent (i.e. unable to be uninstalled by the client).
With clientless SSL VPN you typically "publish" a subset of your enterprise services (internal websites, mail, file shares, etc.) via your ASA. It does not require installation of AnyConnect software client at all. Once the user logs out (from within the browser) a subsequent user of the public terminal would need to re-authenticate to reach the protected resources.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...