cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2393
Views
20
Helpful
3
Replies
Highlighted

Lock URL on Cisco AnyConnect

Hi

 

Is there a way to lock the URL that is configured on Cisco AnyConnect for VPN RA? We have deployed the client on many machines, including the AnyConnectProfile.xml, where we are setting the URL:

 

<ServerList>
  <HostEntry>  

     <HostName>URL-NAME</HostName>
  <HostAddress>URL</HostAddress>
    </HostEntry>

 

We don't want users to be able to modify this URL, we would like them to just open the AnyConnect client and click connect, so they can be assigned to an specific Tunnel-Group. I have tried to modify the XML but I cannot find a way. Anyone has ever done this?

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Participant

There is a property in the xml called AllowManualHostInput within the ClientInitialization tag, this would allow users to type in their own URL for the VPN connection, if you set that to false they will only be able to connect to VPN connections in the drop down list in AnyConnect. 

<AllowManualHostInput>false</AllowManualHostInput>

 

Also, I believe newer AnyConnect versions (we use 4.5) lock down the profile path in windows to only allow administrators read/write/modify access so users can't manually change their xml files. 

 

Hopefully this is helpful. 

 

View solution in original post

3 REPLIES 3
Highlighted
Participant

There is a property in the xml called AllowManualHostInput within the ClientInitialization tag, this would allow users to type in their own URL for the VPN connection, if you set that to false they will only be able to connect to VPN connections in the drop down list in AnyConnect. 

<AllowManualHostInput>false</AllowManualHostInput>

 

Also, I believe newer AnyConnect versions (we use 4.5) lock down the profile path in windows to only allow administrators read/write/modify access so users can't manually change their xml files. 

 

Hopefully this is helpful. 

 

View solution in original post

Highlighted

That is exactly what I was looking for. Thanks a lot Ben, I've tested it, and it's indeed not letting the user modify the URL. Thank you.

Highlighted
VIP Advocate

You can control this in your Anyconnect client profile. The setting you are looking for is called "Allow Manual Host Input".

 

vpn.PNG

 

Uncheck this box.  Also, note that the XML file is under hidden folders on the workstation so unless the end user knows that they are doing they should not be able to modify your xml profile.  

Content for Community-Ad