cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
267
Views
0
Helpful
4
Replies
Beginner

AnyConnect Modules - NAM & Psoture

Dear Team

based on clients requirement, we only want to deploy wired & wireless 802.1x and Posture Services for employees. for this we are using

Network Access Manager & Posture Modules.

We downloaded the iso file and it has all the needed modules, however when i take Posture Module, VPN Module is automatically selected. is there a way to select only NAM & Posture modules ( i understand that AnyConnect Secure Mobility Client is the core component that needs to be installed first.

Further what is the best way to push the AnyConnect clients to the PCs, (Manual or through MSI)

Any help will be highly appreciated.

Thanks

 

Ahad

 

 

4 REPLIES 4
Rising star

The VPN module, is also the

The VPN module, is also the base component of AnyConnect, so you should install the VPN module first, and if you don't need the actual VPN functionality, you can run the msi with the option to disable VPN. Then you can run the posture and the nam modules.

All the info you need is here :

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/b_AnyConnect_Administrator_Guide_chapter_011.html#ID-1408-00000086

 

Beginner

Hi JanThanks for your

Hi Jan

Thanks for your valuable time, as such client is not much familiar with msiexec.exe. they are installing it manually, so is there any option to rule put vpn module when it is installed manually.

Regards

 

Ahad

Hall of Fame Master

Ahad,There's a bug

Ahad,

There's a bug (unpublished last I checked) that causes the VPN tile to display even though you've deselected it.

There's a workaround that you should be able to get from the TAC. Please refer them to bug ID "CSCur22131: Discrepancy with VPN module appearing on client when it is de-selected"

 

Update - I noticed the AnyConnect 4.1 Admin Guide has the following note: 

"When configuring the AnyConnect Configuration object in ISE, unchecking the VPN module under AnyConnect Module Selection does not disable the VPN on the deployed/provisioned client. You must configure VPNDisable_ServiceProfile.xml to disable the VPN tile on AnyConnect GUI. VPNDisable_ServiceProfile.xml is on CCO with the other AnyConnect files."

...I don't see that xml file on the AnyConnect 3.x, 4.x or ISE download pages though.

Beginner

Hi MarvinThanks for your

Hi Marvin

Thanks for your valuable time, i will see the possibility to approach TAC for this issue, as we are targeting only 802.1x & Posture. As such we are using Anyconnect 3.x