Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
23655
Views
15
Helpful
17
Replies

AnyConnect Start Before Logon 4.10.01075

Go to solution
zekebash
Level 1
Level 1

‎08-16-2021 02:01 PM

Hello,

 

I'm trying to find an updated document that explains the procedure/steps in order to configure Anyconnect Before Logon on Win 10. The document below seems outdated as the it references some configuration parameters within the .xml file that no longer exist in Anyconnect Mobility version 4.10.x.

 

Can someone point me in the right direction?

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107598-sbl.htmlAnyConnect Start Before Logon

 

Best, ~zK

 

Labels:
0 Helpful
17 Replies 17

Go to solution
zekebash
Level 1
Level 1
In response to stsargen

‎08-18-2021 10:47 AM

@stsargen 

 

Yes, I have the same Anyconnect version loaded on the ASA and my laptop.

Do you think it is a good idea to upload the DART file of my company laptop o this public platform?

0 Helpful

Go to solution
Milos_Jovanovic
VIP Alumni
VIP Alumni
In response to zekebash

‎08-18-2021 10:40 PM

@zekebash,

I would agree with you - DART would contain too much information about your setup, which you won't be able to maskquarade. This should be a mandatory step for TAC case, as first thing they would ask you is DART file. However, you'll need to install DART on your PC, same as SBL, so if you can only do this from ASA headend then you are still stuck (btw, you could add it with 'anyconnect modules value vpngina,dart').

Have you tied up your tunnel-group with this specific group-policy? It won't be there by default, unless you tie them up together.

Could you please VPN to device (on your standard profile from where you want to push SBL, or from SBL profile), collect the following outputs and share them:

  • show vpn-sessiondb anyconnect
  • show run tunnel-group (same one displayed in the above command)
  • show run group-policy (same one displayed in the above command)
  • show run webvpn
  • screenshot of AC vesion on your PC from AC itself, and screenshot from 'Add od remove programs'

Based on these, we should see if your config for pushing SBL is correct.

BR,

Milos

 

 

Go to solution
zekebash
Level 1
Level 1
In response to Milos_Jovanovic

‎08-19-2021 10:45 AM

@Rob Ingram.. @stsargen .. @Milos_Jovanovic ,... I was able to fix the issue. Everything is working as expected.

 

Here is what I had to do:

  - Removed the commands I applied under the group-policy\webvpn

  - Re-applied the same commands I applied under the group-policy\webvpn
                 anyconnect mtu 1300
                 anyconnect modules value vpngina
                 anyconnect profiles value Main_Profile type user

- Removed the .xml file under C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

- Disconnected current Anyconnect vpn session

- Added the .xml file under C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

- Re-conncted to Anyconnect vpn

- Rebooted

 

That resolved the issue.

 

I appreciate all of your assistance and time.

 

Best, ~zK

0 Helpful
Customers Also Viewed These Support Documents