09-30-2013 07:18 PM
Hello,
We have been running a Barracuda VPN appliance and would like to start using Cisco's VPN (AnyConnect) options. I have set up everything and am able to connect through the AnyConnect VPN tunnel. My question is that, in Barracuda, we used "Lan1 Client" to automatically map the Active Directory user drives, and those files show up in My Computer under those drives. What do we need to do to get those drives without having to join the domain using Cisco ASA?
I looked all over but haven't found any documents or discussion regarding this. I will greatly appreciate any feedback.
09-30-2013 11:37 PM
AnyConnect carries on the Cisco tradition of "SBL" ("Start Before Logon"): the user has to initiate the AnyConnect VPN before they log on and authenticate to the machine. SBL allows a VPN to be connected to the corporate environment - once connected, the user logs in like they were connected on the LAN, and all drives and services work as normal.
See the below link....
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00809f0d75.shtml
I finished a project 3 months ago to roll this out for 5000+ users - it works very well.
10-02-2013 11:49 AM
Thanks Andrew. Just to clarify, does this method still require the remote client to join the domain? I didn't see this information.
10-03-2013 01:14 AM
Hi,
Yes - ideally the machine would already be part of the domain, and the user has their credentials cached on the machine. When logged into the SBL, the machine looks like it's locally connected on the LAN and the domain.
10-04-2013 01:15 PM
Hi Andrew,
Thank you. I have set it up; however, it is giving me this error when I try to use the SBL feature:
"AnyConnect cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network."
It has something to do with the certificate but I haven't been able to fix it. Most of the solutions on the web are for Linux.
10-07-2013 10:59 AM
Hi,
You need to do 2 things:
1) Create a "persistent self-signed certificate in the ASA" - see below URL.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
2) Once you have the cert - you need to install it in the laptop's "local machine certificate store"
The certificate cannot be installed in any other location - as the AnyConnect software needs to access the machine before anyone logs in.
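Step 2 of the reply above, as an added example that is not part of the original thread: a PowerShell script that checks the exported ASA certificate against a thumbprint verified out of band, installs it machine-wide, and confirms it is visible there. The file path and thumbprint are placeholders, and the choice of the machine's Trusted Root store is an assumption, since the thread only says "local machine certificate store".

```powershell
# Run from an elevated PowerShell prompt on the client laptop.
# Placeholder values (assumptions), not taken from the thread:
$CertPath           = 'C:\Temp\asa-gateway.cer'         # certificate exported from the ASA
$ExpectedThumbprint = '<THUMBPRINT-READ-FROM-THE-ASA>'  # confirmed out of band on the ASA
$StoreName          = 'Root'                            # assumed: Trusted Root Certification Authorities

# Load the file without installing it, so it can be inspected first.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Normalise the expected thumbprint (strip spaces and colons) and compare.
# A self-signed certificate has no issuer to vouch for it, so the thumbprint
# is the only proof that this file is the gateway's certificate.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file contains $($cert.Thumbprint). Not installing."
}

# Reject a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Install into the LocalMachine store, not CurrentUser: Start Before Logon runs
# before any user profile is loaded, so a per-user store is not available to it.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, 'LocalMachine')
$store.Open('ReadWrite')
try {
    $store.Add($cert)
} finally {
    $store.Close()
}

# Confirm the certificate is now present machine-wide.
$store.Open('ReadOnly')
try {
    $found = $store.Certificates.Find('FindByThumbprint', $expected, $false)
} finally {
    $store.Close()
}
if ($found.Count -eq 0) {
    throw "Certificate was not found in LocalMachine\$StoreName after import."
}
"Installed: $($found[0].Subject) [$($found[0].Thumbprint)] in LocalMachine\$StoreName"
```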