05-18-2015 07:51 AM - edited 03-12-2019 05:46 PM
Dear Team
based on clients requirement, we only want to deploy wired & wireless 802.1x and Posture Services for employees. for this we are using
Network Access Manager & Posture Modules.
We downloaded the iso file and it has all the needed modules, however when i take Posture Module, VPN Module is automatically selected. is there a way to select only NAM & Posture modules ( i understand that AnyConnect Secure Mobility Client is the core component that needs to be installed first.
Further what is the best way to push the AnyConnect clients to the PCs, (Manual or through MSI)
Any help will be highly appreciated.
Thanks
Ahad
05-18-2015 11:31 AM
The VPN module, is also the base component of AnyConnect, so you should install the VPN module first, and if you don't need the actual VPN functionality, you can run the msi with the option to disable VPN. Then you can run the posture and the nam modules.
All the info you need is here :
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/b_AnyConnect_Administrator_Guide_chapter_011.html#ID-1408-00000086
05-18-2015 10:41 PM
Hi Jan
Thanks for your valuable time, as such client is not much familiar with msiexec.exe. they are installing it manually, so is there any option to rule put vpn module when it is installed manually.
Regards
Ahad
05-18-2015 05:00 PM
Ahad,
There's a bug (unpublished last I checked) that causes the VPN tile to display even though you've deselected it.
There's a workaround that you should be able to get from the TAC. Please refer them to bug ID "CSCur22131: Discrepancy with VPN module appearing on client when it is de-selected"
Update - I noticed the AnyConnect 4.1 Admin Guide has the following note:
"When configuring the AnyConnect Configuration object in ISE, unchecking the VPN module under AnyConnect Module Selection does not disable the VPN on the deployed/provisioned client. You must configure VPNDisable_ServiceProfile.xml to disable the VPN tile on AnyConnect GUI. VPNDisable_ServiceProfile.xml is on CCO with the other AnyConnect files."
...I don't see that xml file on the AnyConnect 3.x, 4.x or ISE download pages though.
05-18-2015 10:37 PM
Hi Marvin
Thanks for your valuable time, i will see the possibility to approach TAC for this issue, as we are targeting only 802.1x & Posture. As such we are using Anyconnect 3.x
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide