Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10535
Views
5
Helpful
4
Replies

AnyConnect Profile File - Default

Go to solution
hurricane05
Level 1
Level 1

‎07-12-2021 06:22 AM

Hello. I'm learning on the setup and use of the Cisco AnyConnect client and was looking over our existing setup for our VPN. Within the Cisco ASDM, under Network (Client) Access \ AnyConnect Client Profile, there is no AnyConnect Client Profile files. Our users currently connect to the VPN with AnyConnect and within the local Windows location C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile, there is no profile (only AnyConnectProfile.xsd file). When I look at the Preferences tab in our existing AnyConnect client on our Windows machine, I see options that are allowed to be controlled by the user. So my question is are the settings something set by default by the AnyConnect software if no profile is configured? I don't see any files in disk0 when I try to search for the .xml.

 

Thanks in advance for any assistance given.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-13-2021 05:28 AM

Normally you would associate different client profiles with different connection profiles in ASDM (AKA tunnel-groups in the cli). Test until you are happy with the outcome and then cutover to use the same client profile with the main employee connection profile.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-12-2021 09:00 PM

In the absence of a profile configured on the headend (ASA or FTD device) then the client will use the default settings or, alternatively, may be (very slightly) modified by the few preference exposed in the client UI.

Profiles are optional but often used to either make the user experience slightly better (i.e.. at least giving a user-friendly name to the connection name vs. something like vpn.company.com) or, most often, to tweak the numerous parameters available in the profile editor when you do a full profile customization.

When you have a profile configured, it will automatically overwrite any conflicting settings the user may have made on their own every time a new connection is established.

0 Helpful

Go to solution
hurricane05
Level 1
Level 1
In response to Marvin Rhoads

‎07-12-2021 09:56 PM

Thx for the valuable feedback. One other question since you have mentioned the settings get overwritten each time a new connection is established. We currently have our main connection setup for all employees to connect to and I also have a test profile connection I use to test with. Our goal is looking to setup the Always-On feature.

 

If I create an AnyConnect Profile for my test account and a default AnyConnect Profile for our main employees, what's the behaviour on my laptop if initially test with the Test AnyConnect Profile with always on and then attempt to try and connect to our main connection with employee (with new AnyConnect Profile with same Always-On). Would my system not allow me to connect to the employee because it's trying to automatically connect to test profile and would there for require me to manually tweak the test.xml AnyConnect Profile?

 

Thx for any response given.

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-13-2021 05:28 AM

Normally you would associate different client profiles with different connection profiles in ASDM (AKA tunnel-groups in the cli). Test until you are happy with the outcome and then cutover to use the same client profile with the main employee connection profile.

0 Helpful

Go to solution
hurricane05
Level 1
Level 1

‎07-14-2021 09:29 AM

Thx for your valuable input.

0 Helpful
Customers Also Viewed These Support Documents