Re: AnyConnect Secure Mobility Client hostname/ip BEFORE first connection with webdeploy

admin-systeme · ‎02-26-2020

Hello,

Sorry for my English if I make mistakes.

Currently, we are configuring a new ASA5516.

We have issue with the first installation AnyConnect Secure Mobility Client. Let me explain.

We would like users can install easily this tools to connect through VPN to our network. So, they will need to go to a webpage https://test1.com and after the connection they can download this file : anyconnect-win-4.8.02042-core-vpn-webdeploy-k9.exe

This is working fine.

But after the first installation we have got "Cisco AnyConnect Secure Mobility Client" and the field "VPN Ready to connect" is empty/blank.

I know we can edit a profile.xml. That what we done and we can find it in the folders :

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
and :
C:\Users\XXXX\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client

This is working fine too. But the profile appears AFTER the first connection.

So my question is :
is there a way to have easily something instead of a blank text BEFORE the first connection with Cisco Anyconnect Secure Mobility Client ? For me it’s not possible that cisco didn’t think to give the possibility to have a hostname or ip address by default but I may be wrong. (moreover it will be always the same connection for us : connection to test1.com).

Any help will be appreciated ! Thank you very much for your help.

Sheraz.Salim · ‎02-26-2020

So my question is :
is there a way to have easily something instead of a blank text BEFORE the first connection with Cisco Anyconnect Secure Mobility Client ? For me it’s not possible that cisco didn’t think to give the possibility to have a hostname or ip address by default but I may be wrong. (moreover it will be always the same connection for us : connection to test1.com).

I get your question. to answer this unelss you have SCCM you can push this policy to your windows domain computer otherwise i do not see anyother way. once the user download the anyconnect he/she need to type in the anyconnect module.

please do not forget to rate.

admin-systeme · ‎02-26-2020

Ok.

Is it possible to modify the first package downloaded with this kind of information or not ? (anyconnect-win-4.8.02042-core-vpn-webdeploy-k9.exe)

Thank you.

Sheraz.Salim · ‎02-26-2020

We run similarly setup. We push new anyconnect module package through window group policy. Than each single user have to type in url/domain in anyconnect in order to connect to our network when they not in office/site.

i don’t think you can do what you looking for. I have not seen this.

please do not forget to rate.

admin-systeme · ‎02-26-2020

Ok unfortunately we won't be able to do this right now, we are not ready with window group policy.

Any other opinion ? Thank you.

Sheraz.Salim · ‎02-27-2020

I do not see anyother way let see what other says on this issue.

please do not forget to rate.

admin-systeme · ‎03-02-2020

Therefore, no other opinion ? no other way to do this ?

Thank you.

Cristian Matei · ‎03-10-2020

Hi,

You can have your users actually connect too ASA via clientless SSL VPN, and after authenticated bush both the AnyConnect package and the AnyConnect profile (so the Ready To Connect get autopopulated; note that sometimes, a Restart of the end-device may be needed. You have two options:

- use a single VPN configuration (the one you want for your users) and additionally allow clientless SSL VPN so that users can connect before having AnyConnect installed, and enhance your VPN configuration (group-policy) so that the AnyConnect client is pushed to the users, alongside with the AnyConnect profile

- keep the existing VPN configuration as it is, and configure a new connection-profile/group-policy which is used only for AnyConnect client/ AnyConnect profile on-boarding/provisioning (this should allow only clientless SSL VPN)

Regards,

Cristian Matei.