AnyConnect Connection Tab Combo Box Doesn't Keep List of Gateways

leo.espinosa
Level 1

Hi:

Is it possible to configure a list of gateways for AnyConnect in the Connection tab, or do we have to enable some option?

We have to establish several VPNs to different ASAs, and the combo box in the Connection tab is only filled with the last connection. Some engineers complain about that because with the VPN Client we could create a profile, keep it configured, and there was no need to remember IP addresses.

Regards

Leo.

Accepted Solutions

Todd Pula
Level 7

You can use an AnyConnect XML profile to prepopulate the host list that you are referring to.  Sample profile output as well as feature details can be found at the link below.

http://www.cisco.com/en/US/partner/docs/security/vpn_client/anyconnect/anyconnect24/administration/guide/ac03features.html#wp1064149

Hi,

The referenced document is apparently secured within Cisco. I have the same problem, but I am not the Cisco admin for the VPNs - I am simply an end user who needs to access various AnyConnect sites across different domains. Can you post the process in clear text?

Thanks,

Ed.

The above referenced config is something that will typically be configured and enabled on the head end ASA or IOS router by an administrator.  The XML file will then be pushed down to the users during a connection attempt.  Please find the attached PDF for your reference.

Todd,

Thanks for the amazingly quick response.

After perusing the document I was able to configure an XML file that allows me to define multiple site connections and they appear in the drop down box of the connection dialog. However, I am a programmer and understand XML encoding.

While I have used AnyConnect to connect to a remote site for about a year, I have not had to connect to multiple sites until today. We have engineers (classical, not software) in our facility that provide support to several distinct clients with different VPN connections. When I asked them how to connect to different sites, the response was that the FQDN needed to be manually entered for each site when the connection was established. I find it hard to believe that Cisco assumes that all users of VPN connections will only ever connect to a single site. There should be a means to either remember the connections or provide a means of entering the information through a configuration dialog. This was/is available in the Cisco VPN Client software (I have at least 12 different connections in my list).

Thanks,

Ed.

AnyConnect profiles are not usually something that an end user will configure.  The VPN admin will configure the profile with relevant host entries and AnyConnect features and then publish it to the head end VPN device.  The config file will then be pushed down to the connecting clients based on a group policy configuration.  With this approach, common things like host entries can be prepopulated without the need for end user intervention.  Manually requiring users to enter FQDNs for each and every gateway is a tedious process which this feature helps to automate.

Todd,

I understand how the connection would work for users of a particular head end where the connection list may include several alternate sites. My reference is where I need to connect to several different head ends managed by different groups in different companies or agencies. For example, I need to connect with our customers that are agencies in different cities. Each city maintains its own VPN connection that is distinct from each other. This causes a couple of problems.

1) When I follow the AnyConnect installation instructions from a customer's IT group, it overwrites whatever configuration I had in place for any previous customer.

2) If I want to add a new customer to my list of known AnyConnect VPN connections, using the process described above, I need to modify the XML file (which I hope is not overwritten by the next customer installation).

The corollary for the Cisco VPN Client is the use of PCF profiles. Normally, an end user would only need or care about a single profile so they would only have one PCF file. On the other hand, advanced users or support staff may need multiple profiles and use multiple PCF files to connect to several VPNs.

Thanks,

Ed.
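Added example, not part of any post in this thread and not Cisco's code: one way to add gateways to a profile's host list without hand-editing the XML or dropping the entries already there. The `ServerList`/`HostEntry`/`HostName`/`HostAddress` element names and the namespace are assumed from the AnyConnect profile schema; the host names, addresses and function names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Namespace assumed from the AnyConnect profile schema.
NS = "http://schemas.xmlsoap.org/encoding/"
ET.register_namespace("", NS)  # keep it as the default namespace on output

# Constructed sample: a profile that already lists one customer's gateway.
EXISTING_PROFILE = f"""<AnyConnectProfile xmlns="{NS}">
  <ServerList>
    <HostEntry>
      <HostName>City A</HostName>
      <HostAddress>vpn.city-a.example</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def q(tag):
    """Qualify a tag name with the profile namespace."""
    return f"{{{NS}}}{tag}"


def list_hosts(profile_xml):
    """Return (display name, address) pairs in the order the profile lists them."""
    root = ET.fromstring(profile_xml)
    return [(h.findtext(q("HostName")), h.findtext(q("HostAddress")))
            for h in root.iter(q("HostEntry"))]


def add_hosts(profile_xml, gateways):
    """Append gateways whose address is not listed yet; existing entries are kept."""
    root = ET.fromstring(profile_xml)
    server_list = root.find(q("ServerList"))
    if server_list is None:  # profile had no host list at all
        server_list = ET.SubElement(root, q("ServerList"))
    known = {addr.lower() for _, addr in list_hosts(profile_xml) if addr}
    for name, addr in gateways:
        if addr.lower() in known:  # same gateway already present, skip it
            continue
        entry = ET.SubElement(server_list, q("HostEntry"))
        ET.SubElement(entry, q("HostName")).text = name
        ET.SubElement(entry, q("HostAddress")).text = addr
        known.add(addr.lower())
    return ET.tostring(root, encoding="unicode")
```

Running `list_hosts()` on the profile file before and after a customer's installer runs shows whether the host list was replaced.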

Thank you for clarifying and yes I would agree that the profiles may not be ideal in this situation.  There are a few active bugs related to changing the profile selection process on the client but the capability is not there yet in the latest AnyConnect 2.5 release.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsv49773
