Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
724
Views
10
Helpful
4
Replies

Restrict AnyConnect to only specific VPN headend

peter.matuska1
Level 1
Level 1

‎01-17-2019 12:51 PM - edited ‎02-21-2020 09:32 PM

Hi,

the task is simple. Is it possible to use anyconnect VPN only with predefined VPN concentrators? So the users cannot type its own remote IP where they would like to connect.

thank you

Labels:
0 Helpful
4 Replies 4

Rob Ingram
VIP
VIP

‎01-17-2019 01:11 PM

Hi,

Yes you can restrict this. You need to disable "Allow Manual Host Input", this is enabled as default. You can either use the AnyConnect Profile Editor or alternatively modify the XML configuration file manually, and change true to false

 

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\

 

    <AllowManualHostInput>true</AllowManualHostInput>

 

HTH

peter.matuska1
Level 1
Level 1
In response to Rob Ingram

‎01-17-2019 11:01 PM

hi, great, this helps. And how about the vpncli.exe? I tried it and it worked.

thank you

0 Helpful

Rob Ingram
VIP
VIP
In response to peter.matuska1

‎01-18-2019 02:00 AM

Hi,
That's a good question....the only thing I can think of, is perhaps restricting the execution of the vpncli.exe file via a GPO in AD. I've not read any cisco documentation that indicates a way to stop the use of the application.

HTH
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents