anyconnect to connect before user login

cs87
Level 1

Hi

I've configured AnyConnect to autoconnect after the user has logged in to the computer. I want to enable it to connect before the user has logged in to the computer.

I'm currently using a user certificate for AnyConnect to autoconnect the user. Should I change to a machine certificate? In that case, where in the VPN configuration do I choose machine certificate over user certificate?

I have imported the root CA certificate in the ASA for autoconnect to work; is there anything else I need to do?

Thanks

Accepted Solutions

Hi,

You will need to modify the AnyConnect Profile, either by editing the file or using the AnyConnect Profile Editor. Ensure the "Use Start Before Logon" is selected and the "Certificate Store" is "All".

 

As far as the certificate is concerned, the Windows client must trust the certificate on the ASA, so if you currently have certificate warnings (which you ignore) then when using SBL, it will error and not prompt you to ignore.

You will obviously have to modify your group policy to enable the SBL vpngina to deploy the client. Ensure that the local client permits download updates.

group-policy GP-1 attributes
        webvpn
          anyconnect modules value vpngina

 

HTH
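
A check for the two profile settings named in the answer above, as an added example that is not part of the original thread or Cisco's tooling. The sample profile is constructed and `check_sbl_profile` is a hypothetical helper name; a missing `CertificateStore` element is reported as a finding so the profile states the value explicitly.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (not taken from the thread). It carries only the
# two ClientInitialization settings the answer names.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
    <CertificateStore>All</CertificateStore>
  </ClientInitialization>
</AnyConnectProfile>
"""


def _local(tag):
    """Drop the '{namespace}' prefix so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_sbl_profile(profile_xml):
    """Return a list of problems with the Start Before Logon settings.

    An empty list means both settings from the answer are present.
    check_sbl_profile is a hypothetical helper name, not a Cisco tool.
    """
    root = ET.fromstring(profile_xml.encode("utf-8"))
    settings = {}
    for elem in root.iter():
        if _local(elem.tag) == "ClientInitialization":
            settings = {_local(c.tag): (c.text or "").strip() for c in elem}
            break
    problems = []
    sbl = settings.get("UseStartBeforeLogon")
    if sbl is None or sbl.lower() != "true":
        problems.append(f"UseStartBeforeLogon is {sbl!r}, expected 'true'")
    store = settings.get("CertificateStore")
    # Treated as a finding when absent too, so the profile states it explicitly.
    if store != "All":
        problems.append(f"CertificateStore is {store!r}, expected 'All'")
    return problems


if __name__ == "__main__":
    for line in check_sbl_profile(SAMPLE_PROFILE) or ["profile OK for SBL"]:
        print(line)
```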

 

 


balaji.bandi
Hall of Fame

Check this video; it should be able to help you:

 

https://www.youtube.com/watch?v=_CYCbYVmPnM

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi

 

Thanks for the video link, it explains a lot regarding the certificate.

But for the VPN to connect during user login, do you have any ideas regarding that?

 

BR
Carlos

Ha @Rob Ingram  cool ahead of me.

BB



 

 

Hi

Thanks, it worked; after I enabled SBL and installed the module I could connect before user login :)

The only issue is that we have a specific URL connection for different customers/users. In this case we have vpn.externalname.se/<customer_id>

When connecting before logon it strips the /<customer_id> part, and if the client gets disconnected and tries to reconnect, it will prompt with a list of all the different customer_ids we have in place. Is there a way to get it to autofill the /<customer_id> part?

 
