I'd like to ask if you would know any hint as to what I'm missing or was not able to get from the docs. I'm trying to enable an OnConnect script which would run gpupdate once the VPN connection is successfully established.
From configuration point of view it should be quite easy, but...
My requirement is to have the script distributed locally by our packaging system; basically I don't want to have the script stored locally on the ASA so that anyone who connects would download it from the ASA VPN. Actually this kind of distribution seems to be working fine (so far what I've tried).
I got problems when the script is distributed to clients by our client management system (SCCM).
I have defined an AnyConnect profile (.xml) - defined by the VPN profile editor, updated with the below - and also the actual script (a testing one, just Hello World, which is executable from CLI). That should be enough to order AnyConnect to run a script OnConnect if available (OnConnect_myscript.vbs):

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Script
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Contains:

    <EnableScripting UserControllable="false">true
        <TerminateScriptOnNextEvent>false</TerminateScriptOnNextEvent>
        <EnablePostSBLOnConnectScript>false</EnablePostSBLOnConnectScript>
    </EnableScripting>

We have our VPN served by an ASA5540 running version 8.4(4)1. I know that there might be some delay, so I added a 5s delay into the script.
Is there anything specific what I've missed and needs to be allowed on the ASA VPN device? Any kind of configuration etc..?
What I've also seen is that when I'm connecting to the VPN with AnyConnect, I might see some really strange behaviour in the client event viewer. There is EventID 3010, which shows what profile and values have been loaded by AnyConnect. At the beginning I might see it load the correct profile (C:\ProgramData\Cisco...\Profile\profile.xml), but after a while I can see that the profile was loaded again, but with DEFAULT values --> scripting disabled, which I do believe is the problem why the script is not executed.
Chronological order (just summary of important events):

Source - acvpnagent
1) EventID-3001 9:01:21 Loading preferences for the current user from profile C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\eursslvpn.xml
2) EventID-3010 9:01:21 Current Preference settings (they are taken from .xml loaded file and they match)

Source - acvpnui + acvpndownloader
3) EventID1 9:01:56 Loaded profiles: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\eursslvpn.xml
4) EventID3010 9:01:56 Current preference settings --> they are default, do NOT match what is defined in loaded profile .xml

Do you know what those Source processes are (acvpnagent, acvpnui, acvpndownloader), what the differences between them are, and what their actual impact is on the process of AnyConnect VPN establishment?
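
An added example, not part of the original post and not Cisco tooling: a PowerShell check that reads the EnableScripting value and its UserControllable attribute from a profile and lists OnConnect-prefixed files in the Script directory, so the on-disk state can be compared with what EventID 3010 reports. The directory paths and the eursslvpn.xml name are taken from the post; the function name `Get-ScriptingSetting` and the `<ClientInitialization>` wrapper in the sample are assumptions made for illustration.

```powershell
# Added diagnostic sketch. Directory paths are the ones quoted in the post;
# eursslvpn.xml is the profile name from the post's event log summary.
$base        = 'C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client'
$profilePath = Join-Path $base 'Profile\eursslvpn.xml'
$scriptDir   = Join-Path $base 'Script'

function Get-ScriptingSetting {
    param([Parameter(Mandatory)][string]$ProfileXml)
    $doc  = [xml]$ProfileXml
    # local-name() keeps the lookup independent of the profile's XML namespace.
    $node = $doc.SelectSingleNode("//*[local-name()='EnableScripting']")
    if ($null -eq $node) {
        return [pscustomobject]@{ Present = $false; Enabled = $false; UserControllable = $null }
    }
    # The element's own value ("true") is a text node that precedes its child elements.
    $own = $node.ChildNodes | Where-Object { $_.NodeType -eq 'Text' } | Select-Object -First 1
    [pscustomobject]@{
        Present          = $true
        Enabled          = ("$($own.Value)".Trim() -eq 'true')
        UserControllable = $node.GetAttribute('UserControllable')
    }
}

# Constructed sample: the fragment from the post wrapped in a minimal root element.
$sample = @'
<ClientInitialization>
  <EnableScripting UserControllable="false">true
    <TerminateScriptOnNextEvent>false</TerminateScriptOnNextEvent>
    <EnablePostSBLOnConnectScript>false</EnablePostSBLOnConnectScript>
  </EnableScripting>
</ClientInitialization>
'@
Get-ScriptingSetting -ProfileXml $sample   # parses the sample; no client needed

# On a client, read the deployed files instead of the sample.
if (Test-Path $profilePath) {
    Get-ScriptingSetting -ProfileXml (Get-Content $profilePath -Raw)
    Get-ChildItem $scriptDir -Filter 'OnConnect*' -File -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime
}
```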