Cisco Anyconnect Profile

JInjieMai63398 · ‎08-26-2020

Hi,

I am using command line version of Anyconnet on Linux. As I am using SSH to operate the machine, it pops up with following.

>> state: Disconnecting
  >> notice: Disconnect in progress, please wait...
  >> error: VPN establishment capability for a remote user is disabled.  A VPN connection will not be established.

So I managed to edit the profile in /opt/cisco/anyconnect/profile/ to allow remote users

 1	<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
     2	  <ClientInitialization>
     3	    <LinuxLogonEnforcement>SingleLocalLogon</LinuxLogonEnforcement>
     4	    <LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
     5	  </ClientInitialization>
     6	  <ServerList>
     7	    <HostEntry>
     8	      <HostName>VPN 1</HostName>
     9	      <HostAddress>example</HostAddress>
    10	    </HostEntry>
    11	
    12	    <HostEntry>
    13	      <HostName>VPN 2</HostName>
    14	      <HostAddress>vpn2.example.com</HostAddress>
    15	    </HostEntry>
    16	  </ServerList>
    17	</AnyConnectProfile>

After I restarted Cisco Anyconnect & rebooted the machine, I still got the same errors. So anyone can help ? Thanks.

Marvin Rhoads · ‎08-27-2020

Please repost as a discussion thread, not a blog.

balaji.bandi · ‎08-27-2020

have you changed example.com to (real VPN FQDN) - is that reachable from command level Linux

ping vpn1.domain.com ?

below guide may help you :

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/214612-configure-anyconnect-secure-mobility-cli.html

Cisco Anyconnect Profile

AnyConnect Certificate Based Authentication.

Getting past intermittent/unexplained 802.1x problems on Windows 7

Insights About Multiple Vulnerabilities in Cisco Discovery Protocol Implementations (CDPwn)