Secure Client Custom Attributes Objects

Custom attributes are used by the Secure Client to configure features such as Per App VPN, Allow or defer upgrade, and Dynamic split tunneling. A custom attribute has a type and a named value. The type of the attribute is defined first, then one or more named values of this type can be defined. You can create the Secure Client custom attributes objects using the management center, add the objects to a group policy and associate the group policy with a remote access VPN to enable the features for the VPN clients.

Threat Defense supports the following features using the custom attribute objects:

• Per App VPN—The Per App VPN feature helps identify an app and tunnel only applications allowed by the threat defense administrator over the VPN.

• Allow or defer upgrade— Deferred Upgrade allows the Secure Client user to delay download of the Secure Client upgrade. When a client update is available, you can configure the attributes for Secure Client to open a dialog asking the user if they would like to update, or to defer the upgrade.

• Dynamic Split Tunneling— With dynamic split tunneling, you can provision policies that either include or exclude IP addresses or networks from the VPN tunnel. Dynamic split tunneling is configured by creating a custom attribute and adding it to a group policy.

For step-by-step instructions to configure Secure Client custom attributes, see Add Secure Client Custom Attributes Objects and

For details about the specific custom attributes to configure for a feature, see the Cisco Secure Client (including AnyConnect) Administrator Guide for the Secure Client release you are using.