Beginner

Anyconnect run local script after login for FTD appliance

Hello,

 

I am trying to see if there is a way to run a login script after signing into Anyconnect? I see this thread but it applies to the ASDM/ASA:

https://community.cisco.com/t5/vpn/run-local-file-after-anyconnect-establishes-a-connection/td-p/2766367

 

Looking to do this via FMC on my FTD appliances.

 

Thanks.

Rising star

Re: Anyconnect run local script after login for FTD appliance

Hi,

 

Have not tested this on FTD, did it a couple of times on ASA. Running a local script should work, as this is not dependent on the headend; it's just what happens locally on the end-device after the session is successfully established. You may not be able to deploy the scripts from FTD, but you could deploy them to the end client via other means (software distribution).

 

Regards,

Cristian Matei.

Beginner

Re: Anyconnect run local script after login for FTD appliance

It's not the deployment (of the script) that is the issue, it is getting it to execute AFTER connected to the VPN. Usually some VPN programs out there have a setting to run logon script after signon, but I don't see that on the Anyconnect.

Hall of Fame Guru

Re: Anyconnect run local script after login for FTD appliance

Doing that as a function of the AnyConnect client requires us to use the AnyConnect Customization/Localization feature.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/customize-localize-anyconnect.html#ID-1408-000003c2

That's not currently supported in FTD (as of 6.5).

Rising star

Re: Anyconnect run local script after login for FTD appliance

Hi,

 

@Marvin Rhoads You just configure/enable the AnyConnect profile for scripting, and you deploy the scripts via other mechanisms (software deployment) in the proper path on the end user's station. You would need to make use of the AnyConnect Customisation feature if you wanted the FTD to push over the scripts.

 

Regards,

Cristian Matei.

Beginner

Re: Anyconnect run local script after login for FTD appliance

Thanks everyone for your feedback. How would you do this "You just configure/enable AnyConnect profile for scripting" in the FMC?

Rising star

Re: Anyconnect run local script after login for FTD appliance

Hi,

 

  1. You download the AnyConnect Profile Editor from Cisco, create a profile with scripting settings, assign it to your group policy.

  2. You deploy the scripts via other mechanisms (software distribution), or if not too many devices, plain old copy/paste.

 

Use this guide for reference, look in the scripting section.

 

Regards,

Cristian Matei.

Beginner

Re: Anyconnect run local script after login for FTD appliance

Found it, thanks. For testing purposes, I'm assuming this has to be uploaded to the firewall to test? I tried putting the test xml in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile and moving the old one, and it appears it ignored my test script in the script folder.

Rising star

Re: Anyconnect run local script after login for FTD appliance

Hi,

 

Look in the guide I've referenced, it's well explained.

 

Regards,

Cristian Matei.

Hall of Fame Guru

Re: Anyconnect run local script after login for FTD appliance

Thanks @Cristian Matei. I didn't read down far enough in the AnyConnect admin guide to see that deploying scripts manually or via alternative software deployment tools is an option. That's good to know.

@ryan14 it looks like, for Windows hosts, you should put the scripts in

%ALLUSERSPROFILE%\Cisco\Cisco AnyConnect Secure Mobility Client\Script 

...according to this:

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect48/administration/guide/b_AnyConnect_Administrator_Guide_4-8/customize-localize-anyconnect.html#ID-1408-000003c2

Beginner

Re: Anyconnect run local script after login for FTD appliance

I tested this last night and it appeared to work. My net use script did remap the drive.

 

Make sure you append OnConnect in the file name. I was more worried that creating a new group in the AnyConnect policy might drop existing RAVPN connections, but it did not in my test.
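
Added example, not part of the original thread and not Cisco's code: a PowerShell check for the two conditions discussed above when a local script is ignored, namely that the profile has `EnableScripting` set to `true` and that the file name begins with `OnConnect` or `OnDisconnect`. The function name `Test-AnyConnectScripting`, the trimmed sample profile and the sample file names are constructed for illustration.

```powershell
# Added example; the function name and all sample data are constructed.
function Test-AnyConnectScripting {
    param(
        [Parameter(Mandatory)] [string] $ProfilePath,
        [Parameter(Mandatory)] [string] $ScriptDir
    )
    # Locate <EnableScripting> regardless of the namespace the profile declares.
    [xml] $xml = Get-Content -LiteralPath $ProfilePath -Raw
    $node = $xml.SelectSingleNode("//*[local-name()='EnableScripting']")
    # The element holds its value plus child settings, so read only the
    # first text node; InnerText would concatenate the children's values.
    $value = $null
    if ($node) {
        $text = $node.ChildNodes | Where-Object { $_.NodeType -eq 'Text' } |
            Select-Object -First 1
        if ($text) { $value = $text.Value.Trim() }
    }
    $prefix = '^(OnConnect|OnDisconnect)'
    $files = @(Get-ChildItem -LiteralPath $ScriptDir -File -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        ScriptingEnabled = ($value -eq 'true')
        PrefixOk         = @($files | Where-Object Name -Match $prefix | ForEach-Object Name)
        PrefixMissing    = @($files | Where-Object Name -NotMatch $prefix | ForEach-Object Name)
    }
}

# Constructed sample data in a temp directory so the check runs offline.
$tmp = Join-Path ([IO.Path]::GetTempPath()) ("ac-demo-" + [guid]::NewGuid())
$demoScripts = Join-Path $tmp 'Script'
New-Item -ItemType Directory -Path $demoScripts -Force | Out-Null
$profileXml = Join-Path $tmp 'test.xml'
@'
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <EnableScripting UserControllable="false">true
      <TerminateScriptOnNextEvent>false</TerminateScriptOnNextEvent>
    </EnableScripting>
  </ClientInitialization>
</AnyConnectProfile>
'@ | Set-Content -LiteralPath $profileXml
'rem constructed placeholder' | Set-Content (Join-Path $demoScripts 'OnConnect_mapdrive.bat')
'rem constructed placeholder' | Set-Content (Join-Path $demoScripts 'mapdrive.bat')

Test-AnyConnectScripting -ProfilePath $profileXml -ScriptDir $demoScripts | Format-List
Remove-Item -LiteralPath $tmp -Recurse -Force
```

On an endpoint, point `-ProfilePath` at the profile in the `Profile` folder and `-ScriptDir` at the `Script` folder named in the posts above.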