Can Anyconnect VPN Client and Anyconnect Secure Mobility Client coexist?

peterl · ‎12-01-2011

I do consulting for several firms that use Cisco Anyconnect as their VPN client of choice. One of my clients appears to have their new appliance configured to download the Anyconnect Secure Mobility Client automatically when the site is accessed. The installation forces an uninstall of the standard Anyconnect client from my Windows 7 computer and doesn't appear to come with any interface to manage different profiles.

I see three possibilities:

1) Have the two clients coexist. To do this I have to be able to prevent the uninstall and the clients would have to be able to be installed at the same time. Unlikely

2) Have one client but be able to configure it with multiple profiles. I expect that this would have to be the AnyConnect client rather than the mobility client so how do I prevent the Mobility client from installing and uninstalling the non mobility client?

3) Be able to add and manage multiple profiles with the Mobility client. Again how? As the client that installs appears to lack any interface for managing profiles.

My preference would be option 2

Herbert Baerten · ‎12-08-2011

Hi Peter,

first of all, option 1 is not possible, you cannot have v2 and v3 installed at the same time (note that the full official naming is different, and Mobility Client effectively is much more than a VPN client now, so I'm simplifying it a bit but as far as VPN is concerned you can just view them as Anyconnect VPN client version 2 and Anyconnect VPN client version 3).

As for option 3, this is probably the easiest because v3 is backward compatible with v2.

Option 2 should be possible as well, but why would you want to stay with v2? If you really want to, check "

Q. Is it possible to turn off the automatic AnyConnect upgrade via ASA?"

As for "managing profile" I'm not sure what you mean exactly. In either case, profiles pushed by your head-end will be stored in your profile directory (the location is different on XP vs vista/win7 but search for a dir name "profile").

Normally, the client will then list all the hosts it finds in all the profiles; e.g. if you connect to companyA and it pushes profileA containing hostnameA, and you connect to companyB which pushes profileB containing hostnameB then your profile directory should contain profileA.xml and profileB.xml, and when you start the client you should see both hostnameA and hostnameB in the dropdown box.

If one (or both) of the head ends do not push a profile, you can create one yourself, either manually or with the standalone profile editor (should be in the same section a the AC v3 client in the download area on cisco.com).

hth

Herbert

barbpassman · ‎12-08-2011

My situation is similar as Mr. Leroux.

However, my employer, for which I use V2 to tunnel into my workstation, is conservative and WiLL NOT allow me to use V3. The IT dept "we use V2, we have not tested V3 with our servers" etc etc.

So, My employer requires me to use V2

MY volunteer work now require me to use a VPN and the organization for which I volunteer uses V3!

I am on a Mac (OSX10.7.2) and I am clueless where the "connection entitiies" exist in the Library or System folders.

So even if I can bet my volunteer organization to reconfiigure its connection entity for me to use wtih V2, I would not know where to put it; I would gladly use V2 if I can

( My volounteer organization has us using V3 and then once the connection is established we enter a specific URL in a browser window and thus connect to the database we need to use.

My employer, uses V2 and then I use Remote Deskotop (Microsoft) to actually log into my workstation in my office via its IP address

Two very different seeming methods of connecting.)

My only recourse is to run V3 in a virtual machine (which I can do) and leave my employer's V2 set up on my Mac,undisturbed