Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2389
Views
0
Helpful
4
Replies

SBL Feature for Anyconnect Not working

vishnurnth1
Level 1
Level 1

‎08-21-2016 11:54 PM - edited ‎02-21-2020 08:56 PM

Hi All,

I am trying to configure SBL ( Startup before Login ) Feature for Anyconnect with Windows 7, Followed the below steps,

- Downloaded the anyconnect for Windows - Full installation package - Windows / Head-end deployment (PKG)

- Basic Configuration for anyconnect has been done, ( Am able to connect with anyconnect once the PC is ON. )

-Added the below configuration under Group-Policy

group-policy GROUP_POLICYNAME attributes

webvpn

anyconnect modules value vpngina

anyconnect profiles value abcravpn type user

Edited the XML Profile and made the same as below, the same got downloaded post connecting.

<UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>

Still the anyconnect is not showing in the lock window when the system is restarted, please let me know if i am following correct method and using the correct PKG file for anyconnect.

Do i need to make any changes in the PC ?

Thank you,

Vishnu

Labels:
Preview file
494 KB
0 Helpful
4 Replies 4

Vishnu Sharma
Level 1
Level 1

‎08-22-2016 02:08 AM

Hi Vishnu,

Please check if the XML profile has been downloaded properly on your machine or not. You can visit this location to verify the profile: C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile.

Moreover we recommend certificate based authentication for the SBL to work. Please check if you have these two in place.

Thanks,

Vishnu

0 Helpful

vishnurnth1
Level 1
Level 1
In response to Vishnu Sharma

‎08-22-2016 02:57 AM

Hi Vishnu Sharma,

Yes the XML profile has been downloaded Properly and the same is saved in the location : C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

We are currently trying to authenticate with AD username and Password,

Also the Icon is not getting displayed in the Lock screen for the Anyconnect. Do we need to do any finetune in Windows 7 user PC ?

Thank you,

Vishnu

0 Helpful

vishnurnth1
Level 1
Level 1

‎08-30-2016 03:56 PM

Hello All,

This issue has been resolved, We can achieve the same with SELF SIGNED CERTIFICATE ALSO,

for that please follow the below method in WINDOWS PC, (tested with Win 7)

  1. Download the Self Signed certificate from the Browser

Go to RUN -> MMC

  1. File -> Add/Remove Snap in
  2. Select Certificate -> ADD -> My User Account
  3. Certificate -> ADD -> Computer Account
  4. Under the CONSOLE FOLDER, select CERTIFICATE->CURRENT USER->TRUSTED ROOT CERTIFICATE->CERTIFICATES->IMPORT ( Import the certificate Which we saved Before)
  5. CERTIFICATE->LOCAL COMPUTER->RUSTED ROOT CERTIFICATE->CERTIFICATES->IMPORT

Also please find the below attached document for the same,

Once the above is done, we will be able to successfully connect anyconnect Bofore Login.

Thank you,

Vishnu

Preview file
334 KB
0 Helpful

Vishnu Sharma
Level 1
Level 1
In response to vishnurnth1

‎08-31-2016 02:25 AM

Hi Vishnu,

Glad to hear that the issue is resolved. I mentioned in my first response that we will need certificates to make it to work and you used the same thing. Thanks for sharing the steps. It will definitely help other people facing the same issue. 

Vishnu

0 Helpful
Customers Also Viewed These Support Documents