Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
930
Views
0
Helpful
3
Replies

AnyConnect Essentials FAQ

Jay233
Level 1
Level 1

‎10-31-2017 01:53 AM - edited ‎02-21-2020 10:37 AM

Hi All,

 

Simple question regarding Cisco AC ver 4.4 and 4.5 using VPN, NAM and Posture (System Scan)

I have used the appropriate editors to edit my profiles, the solution works for both VPN and wired connectivity but my question is:

Advanced Window in the actual Cisco AC on each client, I can alter the preferences of the VPN and Posture modules although I have check the profile and its not allowed?

E.G. VPN Mod

  • Minimize AnyConnct on VPN connect 
  • Allow local (LAN) access when using VPN (if configured)
  • Disable captive portal detection

Posture Mod:

  • Block connections to untrusted servers

Does anyone have some info on how I can restrict the preferences for the above, and also give a brief summary on what they actually do.

Thanks in advance for any replies.

 

 

Labels:
0 Helpful
3 Replies 3

Rahul Govindan
VIP Alumni
VIP Alumni

‎10-31-2017 09:17 AM

If you uncheck the "User Controllable" option under the Anyconnect VPN profile editor, this setting should not be available for the user to change. But I have seen that if you have multiple profiles with same server in the folder, the change may not be reflected as profile settings are usually merged.

 

Also, are you updating the profile from the ASA or ISE? If this setting is enabled there, the local client profile will be updated on successful connection. Could you share the profile on this thread and remove any sensitive info?

0 Helpful

Jay233
Level 1
Level 1
In response to Rahul Govindan

‎10-31-2017 10:14 AM

Hi Rahul,

I have unchecked  "User Controllable"for all modules, we are editing the XML files offline then including into the new build process via SCCM.

Not sure what to mean by same server?

Thanks Jason

0 Helpful

Rahul Govindan
VIP Alumni
VIP Alumni
In response to Jay233

‎11-01-2017 04:11 AM

I meant 2 profiles having the same VPN server hostname or ip address. IF you have just one profile then it should not matter.
Another thing to look at is the Preferences file. It should be located at "C:\Users\<local user>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml". Try deleting this file, quit and restart the Anyconnect. These also keep controllable preferences settings from previous connection attempts.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents