cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2649
Views
0
Helpful
2
Replies
Younes Chafi
Beginner

Cisco Anyconnect NAM & Core without VPN module

Hi,

 

we want to install the NAM module to use EAP chaining (user & machine authentication), when we want to install the NAM msi file by itself, it asks us to install the Core module, but when we install the Core module, it integrates the automatic VPN module, and it displays both modules, while the VPN is not desirable.

 

Anyconnect1.pngAnyconnect12.png

FYI, we use MSI files for use in SCCM and GPOs, we use Anyconnect 4.8.

 

On the other hand when we install through setup.exe, and we just select the NAM, it installs it alone, on the other hand the problem is that it is not possible to use the .exe file in SCCM or GPO

 

my question is : Is it possible to hide the VPN module?

 

Regards,

1 ACCEPTED SOLUTION

Accepted Solutions
Rob Ingram
VIP Mentor

Hi,

See reference here for more information. The Network Access Manager, Web Security, and Umbrella Roaming Security modules can run as standalone applications. The AnyConnect core client is installed, but the VPN and AnyConnect UI are not used.

 

Deploying Stand-Alone Modules with an SMS on Windows

Procedure

 

Step 1

Disable VPN functionality by configuring your software management system (SMS) to set the MSI property PRE_DEPLOY_DISABLE_VPN=1. For example:

msiexec /package anyconnect-win-version-predeploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx* <log_file_name>

The MSI copies the VPNDisable_ServiceProfile.xml file embedded in the MSI to the directory specified for profiles for VPN functionality.

Step 2

Install the module. For example, the following CLI command installs NAM:

msiexec /package anyconnect-win-version-nam-predeploy-k9.msi /norestart /passive /lvx* c:\test.log

Step 3

(Optional) Install DART.

misexec /package annyconnect-win-version-dart-predeploy-k9.msi /norestart /passive /lvx* c:\test.log

Step 4

Save a copy of the obfuscated client profile to the proper Windows folder.

Step 5

Restart the Cisco AnyConnect service.

 

HTH

View solution in original post

2 REPLIES 2
Rob Ingram
VIP Mentor

Hi,

See reference here for more information. The Network Access Manager, Web Security, and Umbrella Roaming Security modules can run as standalone applications. The AnyConnect core client is installed, but the VPN and AnyConnect UI are not used.

 

Deploying Stand-Alone Modules with an SMS on Windows

Procedure

 

Step 1

Disable VPN functionality by configuring your software management system (SMS) to set the MSI property PRE_DEPLOY_DISABLE_VPN=1. For example:

msiexec /package anyconnect-win-version-predeploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx* <log_file_name>

The MSI copies the VPNDisable_ServiceProfile.xml file embedded in the MSI to the directory specified for profiles for VPN functionality.

Step 2

Install the module. For example, the following CLI command installs NAM:

msiexec /package anyconnect-win-version-nam-predeploy-k9.msi /norestart /passive /lvx* c:\test.log

Step 3

(Optional) Install DART.

misexec /package annyconnect-win-version-dart-predeploy-k9.msi /norestart /passive /lvx* c:\test.log

Step 4

Save a copy of the obfuscated client profile to the proper Windows folder.

Step 5

Restart the Cisco AnyConnect service.

 

HTH

View solution in original post

Its Working, i can install the Anyconnect without the VPN module.

 

Thank you RJI.

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (36%)

Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel