Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
66147
Views
15
Helpful
6
Replies

AnyConnect password saved?

Shannon Sutter
Level 1
Level 1

‎03-23-2010 09:15 AM - edited ‎02-21-2020 04:34 PM

Just wondering if there is any way to configure AnyConnect to stored the user's password instead of asking for it every time I try to connect to the session.

I looked on the ASA AnyConnect GP but couldn't find anything.

Let me know if it is possible.

Thanks

Labels:
0 Helpful
6 Replies 6

ksirupa
Level 3
Level 3

‎03-23-2010 01:59 PM

We don't have an option for AnyConnect to remember passwords. Some alternatives

1. Use certificate authentication and issue user certificates (Either with external CA server or using Local CA on ASA). Then, user will never have to enter passwords.

2. Alternatively, Enable "Auto Reconnect after Resume" in the AnyConnect profile so that AnyConnect can resume VPN during short network connectivity loss or when user roams from one wi-fi to other wi-fi, or from wi-fi to wired or 3G etc. This will remove user frustration. But, they will have to still enter username/password for the first time. I use my AnyConnect in this form and typically I don't have to disconnect the VPN for 4 days.

Read the below for profile editor:

http://www.networkworld.com/community/node/43773

Thanks,

kiran

Shannon Sutter
Level 1
Level 1
In response to ksirupa

‎03-23-2010 03:07 PM

Thanks for the information.

I would like to eable the "auto reconnect after resume", how do you add this to the profile?

I've downloaded the AnyConnect profie editor but I am not sure how to do this.

Do I need to edit  a profile and upload to the ASA?

0 Helpful

ksirupa
Level 3
Level 3
In response to Shannon Sutter

‎03-23-2010 10:41 PM

Yes, all the instructions were in that network world article, including screenshots.

In short:

1. Download the profile editor from CCO

2. Select your options (including Reconnect Behavior, Server List, Local Lan Access, Remote login policy, Start Before Login etc).

3. Save the XML and upload it to the disk on ASA.

4. Create an AnyConnect profile which uses the uploaded XML file.

5. Associate the AnyConnect profile with the Group policy. Network Client Access->Group Policy-->Advanced-->SSL VPN Client->Client Profile.

After this, whenever a user establishes AnyConnect for that Group Policy,they will download the new profile.

It is very powerful once you get a hang of it. Many future features will depend on this profile, so its worth the investment to understand this procedure in detail.

Thanks,

Kiran

Shannon Sutter
Level 1
Level 1
In response to ksirupa

‎03-24-2010 08:20 AM

Thank you for all the information.

I will work with the xml profiles then.

0 Helpful

bbaker
Level 1
Level 1

‎07-21-2010 10:14 AM

1. Use certificate authentication and issue user certificates (Either with external CA server or using Local CA on ASA). Then, user will never have to enter passwords.

For those Cisco Customers that must follow the PCI DSS (https://www.pcisecuritystandards.org ) Section 8.3 states:
8.3 Incorporate two-factor authentication for remote access  (network-level access originating from outside the network) to the network by employees, administrators, and third parties. Use technologies such as remote authentication and dial-in service (RADIUS); terminal access controller access control system (TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with individual certificates.

Thus using certificates alone would allow users to connect without prompting but does not meet the PCI requirement to use two factor authentication.Thus we still need some way for the password to be saved to fully automate connections.

2. Alternatively, Enable "Auto Reconnect after Resume" in the AnyConnect profile so that AnyConnect can resume VPN during short network connectivity loss or when user roams from one wi-fi to other wi-fi, or from wi-fi to wired or 3G etc. This will remove user frustration. But, they will have to still enter username/password for the first time. I use my AnyConnect in this form and typically I don't have to disconnect the VPN for 4 days.


The "auto reconnection after resume" feature does not seem to work after a reboot. Thus when users must reboot for whatever reason (applying security patches for instance) the client does not automatically reconnect and thus anything depending on the VPN connection fails until a human interceeds and re-enters the password.

The bottom line is that the Cisco IPSEC client has this feature so why doesn't AnyConnect?

Thanks

Brad

Bossy
Level 1
Level 1
In response to bbaker

‎04-05-2018 07:21 AM - edited ‎12-10-2024 04:08 AM

Is there any new trick in 2018 how to save password in AnyConnect iOS app ?

 

 

---

With gegards,

Alex Beq

VPN Privacy Service

Aeroshield

 

0 Helpful
Customers Also Viewed These Support Documents