04-08-2019 09:23 AM - edited 02-21-2020 09:01 AM
Hi
Is there a way to lock the URL that is configured on Cisco AnyConnect for VPN RA? We have deployed the client on many machines, including the AnyConnectProfile.xml, where we are setting the URL:
<ServerList>
  <HostEntry>
    <HostName>URL-NAME</HostName>
    <HostAddress>URL</HostAddress>
  </HostEntry>
</ServerList>
We don't want users to be able to modify this URL; we would like them to just open the AnyConnect client and click connect, so they can be assigned to a specific Tunnel-Group. I have tried to modify the XML but I cannot find a way. Has anyone ever done this?
Thanks
04-08-2019 10:23 AM - edited 04-08-2019 10:24 AM
There is a property in the XML called AllowManualHostInput within the ClientInitialization tag. This would allow users to type in their own URL for the VPN connection; if you set that to false, they will only be able to connect to VPN connections in the drop-down list in AnyConnect.
<AllowManualHostInput>false</AllowManualHostInput>
Also, I believe newer AnyConnect versions (we use 4.5) lock down the profile path in Windows to only allow administrators read/write/modify access, so users can't manually change their XML files.
Hopefully this is helpful.
04-08-2019 11:48 AM
That is exactly what I was looking for. Thanks a lot Ben, I've tested it, and it's indeed not letting the user modify the URL. Thank you.
04-08-2019 10:30 AM
You can control this in your AnyConnect client profile. The setting you are looking for is called "Allow Manual Host Input".
Uncheck this box. Also, note that the XML file is under hidden folders on the workstation, so unless the end user knows what they are doing they should not be able to modify your XML profile.
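To confirm the setting described in the answers above on profiles that are already deployed, the following added example (not code from any poster or from Cisco) parses a profile and reports whether AllowManualHostInput is false and whether the server list matches what was intended. The sample profile, the host address `vpn.example.com/group`, the function names, and treating a missing element as "not locked" are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile; the host address is a placeholder, not a real gateway.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AllowManualHostInput>false</AllowManualHostInput>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>URL-NAME</HostName>
      <HostAddress>vpn.example.com/group</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def _local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_profile(xml_text, expected_hosts):
    """Return a list of findings; an empty list means the profile is locked as intended."""
    root = ET.fromstring(xml_text)
    manual, hosts, findings = None, [], []
    for parent in root.iter():
        for child in parent:
            pair = (_local(parent.tag), _local(child.tag))
            if pair == ("ClientInitialization", "AllowManualHostInput"):
                manual = (child.text or "").strip().lower()
            elif pair == ("HostEntry", "HostAddress"):
                hosts.append((child.text or "").strip())
    if manual is None:
        # Assumption: an absent element is reported, since it does not lock anything.
        findings.append("AllowManualHostInput missing from ClientInitialization")
    elif manual != "false":
        findings.append(f"AllowManualHostInput is '{manual}', expected 'false'")
    for host in sorted(set(hosts) - set(expected_hosts)):
        findings.append(f"unexpected HostAddress: {host}")
    for host in sorted(set(expected_hosts) - set(hosts)):
        findings.append(f"expected HostAddress not present: {host}")
    return findings


if __name__ == "__main__":
    for line in audit_profile(SAMPLE_PROFILE, ["vpn.example.com/group"]) or ["profile OK"]:
        print(line)
```
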