AnyConnect Profile Creation

metalhead41 · ‎03-10-2011

Hi I'm hoping someone out there could offer some input into this for me.

I've been tearing my hair out over this issue and can't seem to find any information on how to rectify it. When I try to add an AnyConnect Clent Profile via the ASDM (Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile) I get the following error:

"The following errors occurred while validating the xml file with the latest schema:
Invalid value constraint value 'false' in element 'SafeWordSOfTokenIntegration'."

I'm not too sure what I need to do in order to get this working so I can create a profile to get the AnyConnect software installed on Windows Mobile devices to stop them searching for product updates.

I am running AnyConnect version 2.5.2017, a Cisco ASA 5505 ASA version 8.3(1) and ASDM version 6.3(1)

If anyone can help to point me in the right direction I would be very appreciative.

Thanks,

Daniel

Jason Gervia · ‎03-10-2011

Daniel,

I'm not seeing that value(safeworsofttoken) in the schema file for Anyconnect 3.0 (I know you are using 2.5). How are you generating the profile? If simply editing it, I would remove the line that referenced it.

Also, check out the 'AnyConnectProfile.xsd' file on a PC that has AnyConnect installed on it (it should be in the same directory as the profiles are stored). That will tell you which values are valid and what the schema is.

--Jason

metalhead41 · ‎03-10-2011

Hi Jason,

Thanks for your response regarding this issue.

I am trying to generate the profile via the ASDM software, so I am going to: Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile. I then click on "add", I set a name for the profile and click on ok. It starts processing it but then throws up that error.

I only have Windows Mobile devices that connect to the VPN and due to security requirements I am unable to install it on a PC. The Windows Mobile devices don't have a AnyConnectProfile.xsd anywhere on it.

Where should the ASDM see the schema from when generating the profile?

Interestingly, on our live system we have the same setup (only difference is the hardware is ASA5510 instead) and going through the above process does work, but I need to get this working on our Test system before we can even think of making these changes.

Thanks,

Daniel

metalhead41 · ‎03-11-2011

Hi,

Just to let you know, I've tried this with AnyConnect 2.5.2019 installed on the ASA5505 and am now able to create the profile.

One part of this profile I was interested in was the autoconnect and autoupdate tags. The autoconnect seems to work fine for me, the auto update seems to have no effect and the unit still checks for product updates on connect.

Reading through the AnyConnect 2.5 release notes I am supposed to use the AnyConnectLocalPolicy.xml to bypass the downloader. I have tried this but it still checks for updates. Have I missed something in order to get the AnyConnectLocalPolicy.xml to be read?

Thanks,

Daniel

metalhead41 · ‎03-14-2011

Ok, I've managed to get AnyConnectLocalPolicy.xml working now (it was a xml parsing error in the original file from the AnyConnect admin guide).

What I want to do now is tune the VPN connection so it establishes the connection a bit faster. Currently (with autoupdates disabled) it takes 1min 8sec to establish the connection. Our client wants this sped up a bit more, is there anything else I could change (on the ASA5505 or the mobile device) to possibly do this?

Thanks,

Daniel