Solved: Cisco Anyconnect NAM & Core without VPN module

Younes Chafi · ‎04-12-2020

Hi,

we want to install the NAM module to use EAP chaining (user & machine authentication), when we want to install the NAM msi file by itself, it asks us to install the Core module, but when we install the Core module, it integrates the automatic VPN module, and it displays both modules, while the VPN is not desirable.

FYI, we use MSI files for use in SCCM and GPOs, we use Anyconnect 4.8.

On the other hand when we install through setup.exe, and we just select the NAM, it installs it alone, on the other hand the problem is that it is not possible to use the .exe file in SCCM or GPO

my question is : Is it possible to hide the VPN module?

Regards,

Rob Ingram · ‎04-12-2020

Hi,

See reference here for more information. The Network Access Manager, Web Security, and Umbrella Roaming Security modules can run as standalone applications. The AnyConnect core client is installed, but the VPN and AnyConnect UI are not used.

Deploying Stand-Alone Modules with an SMS on Windows

Procedure

Step 1

Disable VPN functionality by configuring your software management system (SMS) to set the MSI property PRE_DEPLOY_DISABLE_VPN=1. For example:

msiexec /package anyconnect-win-version-predeploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx* <log_file_name>

The MSI copies the VPNDisable_ServiceProfile.xml file embedded in the MSI to the directory specified for profiles for VPN functionality.

Step 2	Install the module. For example, the following CLI command installs NAM: msiexec /package anyconnect-win-version-nam-predeploy-k9.msi /norestart /passive /lvx* c:\test.log
Step 3	(Optional) Install DART. misexec /package annyconnect-win-version-dart-predeploy-k9.msi /norestart /passive /lvx* c:\test.log
Step 4	Save a copy of the obfuscated client profile to the proper Windows folder.
Step 5	Restart the Cisco AnyConnect service.

HTH

View solution in original post

Rob Ingram · ‎04-12-2020

Hi,