03-18-2019 03:45 PM - edited 02-21-2020 09:35 PM
Hi
I've configured AnyConnect to autoconnect after the user has logged in to the computer. I want to enable it to connect before the user has logged in to the computer.
I'm currently using a user certificate for AnyConnect to autoconnect the user. Should I change to a machine certificate? In that case, where in the VPN configuration do I choose the machine certificate over the user certificate?
I have imported the root CA certificate in the ASA for autoconnect to work. Is there anything else I need to do?
Thanks
03-19-2019 02:53 PM
Hi,
You will need to modify the AnyConnect Profile, either by editing the file or using the AnyConnect Profile Editor. Ensure the "Use Start Before Logon" is selected and the "Certificate Store" is "All".
As far as the certificate is concerned, the Windows client must trust the certificate on the ASA, so if you currently have certificate warnings (which you ignore) then when using SBL, it will error and not prompt you to ignore.
You will obviously have to modify your group policy to enable the SBL vpngina to deploy the client. Ensure that the local client permits download updates.
group-policy GP-1 attributes
 webvpn
  anyconnect modules value vpngina
HTH
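As an added example (not part of the reply above and not Cisco's code), this Python check confirms that a profile and a group-policy carry the settings the reply names. The element names `UseStartBeforeLogon` and `CertificateStore` under `ClientInitialization` and the namespace follow the AnyConnect profile XML schema; the sample profile is constructed and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}  # AnyConnect profile namespace

# Constructed sample profile (not from the thread), SBL-relevant settings only.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
    <CertificateStore>All</CertificateStore>
  </ClientInitialization>
</AnyConnectProfile>"""

# Group-policy lines as posted in the reply above.
SAMPLE_ASA = """group-policy GP-1 attributes
 webvpn
  anyconnect modules value vpngina
"""

def check_profile(xml_text):
    """Return a list of settings that differ from what the reply asks for."""
    init = ET.fromstring(xml_text).find("ac:ClientInitialization", NS)
    if init is None:
        return ["no ClientInitialization section"]
    problems = []
    sbl = init.findtext("ac:UseStartBeforeLogon", default="", namespaces=NS)
    if sbl.strip().lower() != "true":
        problems.append("UseStartBeforeLogon is not true")
    store = init.findtext("ac:CertificateStore", default="", namespaces=NS)
    if store.strip() != "All":
        problems.append("CertificateStore is %r, expected 'All'" % store.strip())
    return problems

def sbl_module_enabled(asa_config, policy):
    """True if the named group-policy pushes the vpngina (SBL) module."""
    in_policy = False
    for line in asa_config.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # a top-level command opens a new block
            in_policy = line.split() == ["group-policy", policy, "attributes"]
        elif in_policy:
            m = re.match(r"\s*anyconnect modules value (\S+)", line)
            if m and "vpngina" in m.group(1).split(","):
                return True
    return False
```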
03-18-2019 04:05 PM
Check this video, which should be able to help you:
03-19-2019 02:00 AM
Hi
Thanks for the video link, it explains a lot regarding the certificate.
But for the VPN to connect during user login, do you have any ideas regarding that?
BR
Carlos
03-19-2019 02:55 PM
Ha @Rob Ingram cool ahead of me.
03-20-2019 06:42 AM
Hi
Thanks, it worked. After I enabled SBL and installed the module I could connect before user login :)
The only issue is that we have a specific URL connection for different customers/users. In this case we have vpn.externalname.se/<customer_id>
When connecting before logon it strips the /<customer_id> part, and if the client gets disconnected and tries to reconnect, it will prompt with a list of all the different customer_id values we have in place. Is there a way to get it to autofill the /<customer_id> part?