cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

588
Views
0
Helpful
3
Replies
Highlighted
Beginner

AnyConnect Essentials FAQ

Hi All,

 

Simple question regarding Cisco AC ver 4.4 and 4.5 using VPN, NAM and Posture (System Scan)

I have used the appropriate editors to edit my profiles, the solution works for both VPN and wired connectivity but my question is:

Advanced Window in the actual Cisco AC on each client, I can alter the preferences of the VPN and Posture modules although I have check the profile and its not allowed?

E.G. VPN Mod

  • Minimize AnyConnct on VPN connect 
  • Allow local (LAN) access when using VPN (if configured)
  • Disable captive portal detection

Posture Mod:

  • Block connections to untrusted servers

Does anyone have some info on how I can restrict the preferences for the above, and also give a brief summary on what they actually do.

Thanks in advance for any replies.

 

 

3 REPLIES 3
Highlighted
VIP Advocate

Re: AnyConnect Essentials FAQ

If you uncheck the "User Controllable" option under the Anyconnect VPN profile editor, this setting should not be available for the user to change. But I have seen that if you have multiple profiles with same server in the folder, the change may not be reflected as profile settings are usually merged.

 

Also, are you updating the profile from the ASA or ISE? If this setting is enabled there, the local client profile will be updated on successful connection. Could you share the profile on this thread and remove any sensitive info?

Highlighted
Beginner

Re: AnyConnect Essentials FAQ

Hi Rahul,

I have unchecked  "User Controllable"for all modules, we are editing the XML files offline then including into the new build process via SCCM.

Not sure what to mean by same server?

Thanks Jason

Highlighted
VIP Advocate

Re: AnyConnect Essentials FAQ

I meant 2 profiles having the same VPN server hostname or ip address. IF you have just one profile then it should not matter.
Another thing to look at is the Preferences file. It should be located at "C:\Users\<local user>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml". Try deleting this file, quit and restart the Anyconnect. These also keep controllable preferences settings from previous connection attempts.