Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4851
Views
20
Helpful
3
Replies

Lock URL on Cisco AnyConnect

Go to solution
Fabio Bustamante
Level 1
Level 1

‎04-08-2019 09:23 AM - edited ‎02-21-2020 09:01 AM

Hi

 

Is there a way to lock the URL that is configured on Cisco AnyConnect for VPN RA? We have deployed the client on many machines, including the AnyConnectProfile.xml, where we are setting the URL:

 

<ServerList>
  <HostEntry>  

     <HostName>URL-NAME</HostName>
  <HostAddress>URL</HostAddress>
    </HostEntry>

 

We don't want users to be able to modify this URL, we would like them to just open the AnyConnect client and click connect, so they can be assigned to an specific Tunnel-Group. I have tried to modify the XML but I cannot find a way. Anyone has ever done this?

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ben Walters
Level 3
Level 3

‎04-08-2019 10:23 AM - edited ‎04-08-2019 10:24 AM

There is a property in the xml called AllowManualHostInput within the ClientInitialization tag, this would allow users to type in their own URL for the VPN connection, if you set that to false they will only be able to connect to VPN connections in the drop down list in AnyConnect. 

<AllowManualHostInput>false</AllowManualHostInput>

 

Also, I believe newer AnyConnect versions (we use 4.5) lock down the profile path in windows to only allow administrators read/write/modify access so users can't manually change their xml files. 

 

Hopefully this is helpful. 

 

View solution in original post

3 Replies 3

Go to solution
Ben Walters
Level 3
Level 3

‎04-08-2019 10:23 AM - edited ‎04-08-2019 10:24 AM

There is a property in the xml called AllowManualHostInput within the ClientInitialization tag, this would allow users to type in their own URL for the VPN connection, if you set that to false they will only be able to connect to VPN connections in the drop down list in AnyConnect. 

<AllowManualHostInput>false</AllowManualHostInput>

 

Also, I believe newer AnyConnect versions (we use 4.5) lock down the profile path in windows to only allow administrators read/write/modify access so users can't manually change their xml files. 

 

Hopefully this is helpful. 

 

Go to solution
Fabio Bustamante
Level 1
Level 1
In response to Ben Walters

‎04-08-2019 11:48 AM

That is exactly what I was looking for. Thanks a lot Ben, I've tested it, and it's indeed not letting the user modify the URL. Thank you.

0 Helpful

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎04-08-2019 10:30 AM

You can control this in your Anyconnect client profile. The setting you are looking for is called "Allow Manual Host Input".

 

vpn.PNG

 

Uncheck this box.  Also, note that the XML file is under hidden folders on the workstation so unless the end user knows that they are doing they should not be able to modify your xml profile.  

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card