Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
706
Views
0
Helpful
4
Replies

AnyConnect Modules - NAM & Psoture

MANSOORQ123
Level 1
Level 1

ā€Ž05-18-2015 07:51 AM - edited ā€Ž03-12-2019 05:46 PM

Dear Team

based on clients requirement, we only want to deploy wired & wireless 802.1x and Posture Services for employees. for this we are using

Network Access Manager & Posture Modules.

We downloaded the iso file and it has all the needed modules, however when i take Posture Module, VPN Module is automatically selected. is there a way to select only NAM & Posture modules ( i understand that AnyConnect Secure Mobility Client is the core component that needs to be installed first.

Further what is the best way to push the AnyConnect clients to the PCs, (Manual or through MSI)

Any help will be highly appreciated.

Thanks

 

Ahad

 

 

Labels:
0 Helpful
4 Replies 4

jan.nielsen
Level 7
Level 7

ā€Ž05-18-2015 11:31 AM

The VPN module, is also the base component of AnyConnect, so you should install the VPN module first, and if you don't need the actual VPN functionality, you can run the msi with the option to disable VPN. Then you can run the posture and the nam modules.

All the info you need is here :

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/b_AnyConnect_Administrator_Guide_chapter_011.html#ID-1408-00000086

 

0 Helpful

MANSOORQ123
Level 1
Level 1
In response to jan.nielsen

ā€Ž05-18-2015 10:41 PM

Hi Jan

Thanks for your valuable time, as such client is not much familiar with msiexec.exe. they are installing it manually, so is there any option to rule put vpn module when it is installed manually.

Regards

 

Ahad

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

ā€Ž05-18-2015 05:00 PM

Ahad,

There's a bug (unpublished last I checked) that causes the VPN tile to display even though you've deselected it.

There's a workaround that you should be able to get from the TAC. Please refer them to bug ID "CSCur22131: Discrepancy with VPN module appearing on client when it is de-selected"

 

Update - I noticed the AnyConnect 4.1 Admin Guide has the following note: 

"When configuring the AnyConnect Configuration object in ISE, unchecking the VPN module under AnyConnect Module Selection does not disable the VPN on the deployed/provisioned client. You must configure VPNDisable_ServiceProfile.xml to disable the VPN tile on AnyConnect GUI. VPNDisable_ServiceProfile.xml is on CCO with the other AnyConnect files."

...I don't see that xml file on the AnyConnect 3.x, 4.x or ISE download pages though.

0 Helpful

MANSOORQ123
Level 1
Level 1
In response to Marvin Rhoads

ā€Ž05-18-2015 10:37 PM

Hi Marvin

Thanks for your valuable time, i will see the possibility to approach TAC for this issue, as we are targeting only 802.1x & Posture. As such we are using Anyconnect 3.x

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents