cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15960
Views
40
Helpful
11
Replies

Cisco AnyConnect NAM with profile editor

kamarale
Level 1
Level 1

Hello,I´m trying to use the anyconnect NAM with also the anyconnect profile editor for 802.1x
I created a profile (.xml) with the editor but I don´t know how to apply it to a client(anyconnect).
If anyone can give me some instructons I would appreciate it.

Thanks in advance.
Regards.

2 Accepted Solutions

Accepted Solutions

Amjad Abdullah
VIP Alumni
VIP Alumni

i hope this link is useful, it illustrates everything:

https://supportforums.cisco.com/docs/DOC-23117

Install and run the standalone profile editor (your second download); you only need the Network Access Manager component

     a. Once installed, open the profile editor and configure a new profile, e.g. allow EAP types, disable Wired port management, etc.

     b. File / Save as...

     c. Name the file configuration.xml. This naming convention is required

     d. Save the configuration file to the //Profiles/nam folder

3. Run the main Secure Mobility Client setup installer (setup.exe) from . This installs the AnyConnect framework and modules. Select the Network Access Manager modules. No other modules are necessary or required for managing wireless networks

Amjad

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Mike.Cifelli
VIP Alumni
VIP Alumni

Software Download - Cisco Systems

Profile Editor (Windows)
tools-anyconnect-win-4.10.00093-profileeditor-k9.msi
 
FYSA: default install location on windows = C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager

View solution in original post

11 Replies 11

Tarik Admani
VIP Alumni
VIP Alumni

You will have to use a centralize software management solution in order to get this file out and in the proper location.

Thanks,

Tarik Admani

Isn´t it enough with the anyconnect NAM and the profile editor? What do you mean with "centralize software management solution" ?

Thanks.

To build the profile yes, however you need to push these files to all your clients and you need to distribute this xml to the rest of your organization.

For doing some testing you can modify the current xml that the profile editor is on and save and even some cases restart the machine for new changes to take effect. Which xml file are you modifying?

Thanks,

tarik Admani

Amjad Abdullah
VIP Alumni
VIP Alumni

i hope this link is useful, it illustrates everything:

https://supportforums.cisco.com/docs/DOC-23117

Install and run the standalone profile editor (your second download); you only need the Network Access Manager component

     a. Once installed, open the profile editor and configure a new profile, e.g. allow EAP types, disable Wired port management, etc.

     b. File / Save as...

     c. Name the file configuration.xml. This naming convention is required

     d. Save the configuration file to the //Profiles/nam folder

3. Run the main Secure Mobility Client setup installer (setup.exe) from . This installs the AnyConnect framework and modules. Select the Network Access Manager modules. No other modules are necessary or required for managing wireless networks

Amjad

Rating useful replies is more useful than saying "Thank you"

Thanks Amjad.

Regards.

Please me give me link to download nam profile editor. tnx.

Mike.Cifelli
VIP Alumni
VIP Alumni

Software Download - Cisco Systems

Profile Editor (Windows)
tools-anyconnect-win-4.10.00093-profileeditor-k9.msi
 
FYSA: default install location on windows = C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager

Hi Mike

i ran of my feet fighting failure to save customized configuration.xml in NewConfigFiles ending with Unable to sign & write file.

If i save config in different location & then copy it to NewConfigFiles & then restart AC file gets renamed into configuration_bad.xml. Editor is 4.10.

Parsing DART logs shows:

16: DESKTOP-36ABVFG: Oct 04 2021 19:22:09.471 -0100: %NAM-3-ERROR_MSG: %[tid=5308]: The configuration is invalid and will be ignored. Error: "allowUnauthPacProvisioning" tag is required.
....
19: DESKTOP-36ABVFG: Oct 04 2021 19:22:09.477 -0100: %NAM-6-INFO_MSG: %[tid=5308]: Invalid development version of configuration file.

....

 

 

& yeah there is no option "If using PACs, allow unauthenticated PAC provisioning" in editor 4.10 (& i havnt other)

 

Mike.Cifelli
VIP Alumni
VIP Alumni

@andy!doesnt!like!uucp 

 

If i save config in different location & then copy it to NewConfigFiles & then restart AC file gets renamed into configuration_bad.xml. Editor is 4.10.

-This typically means that something is goofed in the xml file based on what you configured.  Hence why it gets renamed to configuration_bad.xml.  My suggestion would be to try replacing the configuration.xml with your new one under the main location on 1 test client: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\system

 

If you get the same error try recreating a new xml profile and focus on your settings.  HTH!

hi Mike

it ends in the same manner: configuration.xml gets renamed into *_bad.xml with the same error:

13: DESKTOP-36ABVFG: Oct 04 2021 18:37:30.145 -0100: %NAM-6-INFO_MSG: %[tid=33044]: Invalid development version of configuration file.
15: DESKTOP-36ABVFG: Oct 04 2021 18:37:30.148 -0100: %NAM-4-WARNING_MSG: %[tid=33044]: The configuration is invalid and will be ignored. Error: User Configuration (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Network Access Manager\system\/userConfiguration.xml) file not found - only user configuration will be ignored.
...

 

it looks like NAM is not happy with absence of mentioned above option, but editor dosnt have it in the place where it should be...

now i'm sure the absence of "allowUnauthPacProvisioning" is a root cause: i unchecked "use PACs" & after that profile has been consumed by NAM.

wth.? why "if use PACs allowUnauthPacProvisioning" is absent in the editor?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: