
Lock URL on Cisco AnyConnect

Hi

Is there a way to lock the URL that is configured on Cisco AnyConnect for VPN RA? We have deployed the client on many machines, including the AnyConnectProfile.xml, where we are setting the URL:

<ServerList>
  <HostEntry>
    <HostName>URL-NAME</HostName>
    <HostAddress>URL</HostAddress>
  </HostEntry>
</ServerList>

We don't want users to be able to modify this URL; we would like them to just open the AnyConnect client and click connect, so they can be assigned to a specific Tunnel-Group. I have tried to modify the XML but I cannot find a way. Has anyone ever done this?

Thanks


Accepted Solutions
Participant

Re: Lock URL on Cisco AnyConnect

There is a property in the XML called AllowManualHostInput within the ClientInitialization tag; this would allow users to type in their own URL for the VPN connection. If you set that to false, they will only be able to connect to VPN connections in the drop-down list in AnyConnect.

<AllowManualHostInput>false</AllowManualHostInput>

Also, I believe newer AnyConnect versions (we use 4.5) lock down the profile path in Windows to only allow administrators read/write/modify access, so users can't manually change their XML files.

Hopefully this is helpful.
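An added example, not part of the original answer and not Cisco tooling: a Python check an administrator could run over deployed profile files to confirm that manual host input is disabled and that the server list contains only approved entries. The sample profiles, host name, host address and allow-list are constructed, and treating a missing AllowManualHostInput element as a finding is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles (not taken from the thread); the host name and
# address are placeholders.
LOCKED_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AllowManualHostInput>false</AllowManualHostInput>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Corp VPN</HostName>
      <HostAddress>vpn.example.com/staff</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""

# Same profile with the setting left open, for comparison.
OPEN_PROFILE = LOCKED_PROFILE.replace(">false<", ">true<")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_profile(xml_text, allowed_addresses):
    """Return a list of findings; an empty list means the profile is locked."""
    root = ET.fromstring(xml_text)
    findings = []
    manual = [e for e in root.iter() if local(e.tag) == "AllowManualHostInput"]
    # Assumption: a missing element is flagged too, rather than trusting
    # whatever the client does by default.
    if not manual or (manual[0].text or "").strip().lower() != "false":
        findings.append("AllowManualHostInput is not set to false")
    hosts = [(e.text or "").strip() for e in root.iter()
             if local(e.tag) == "HostAddress"]
    if not hosts:
        findings.append("ServerList has no HostAddress entries")
    for addr in hosts:
        if addr.lower() not in allowed_addresses:
            findings.append(f"unexpected HostAddress: {addr}")
    return findings


if __name__ == "__main__":
    approved = {"vpn.example.com/staff"}
    for name, text in (("locked", LOCKED_PROFILE), ("open", OPEN_PROFILE)):
        print(name, audit_profile(text, approved) or "OK")
```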

 

Re: Lock URL on Cisco AnyConnect

That is exactly what I was looking for. Thanks a lot, Ben. I've tested it, and it's indeed not letting the user modify the URL. Thank you.

Rising star

Re: Lock URL on Cisco AnyConnect

You can control this in your AnyConnect client profile. The setting you are looking for is called "Allow Manual Host Input".

[Screenshot: vpn.PNG]

Uncheck this box. Also, note that the XML file is under hidden folders on the workstation, so unless the end user knows what they are doing, they should not be able to modify your XML profile.