Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4329
Views
0
Helpful
4
Replies

Anyconnect, Windows 7, and retain on logoff

szilagyic
Level 1
Level 1

‎02-01-2011 06:54 AM - edited ‎02-21-2020 05:08 PM

Hello:

We are currently using Cisco Anyconnect 2.5 as our main VPN client.  Recently we needed to get it to retain the connection when a user logs off (for remote support).  We use UltraVNC to connect in for remote assistance with users, and there are times we need to log on with an administrator account.  It seems that Anyconnect will not allow Switch User, so the alternative is to allow the user to connect with VPN, log out, and for us to log back in as Administrator, all through UltraVNC.  However it seems that no matter what we do, we cannot get the VPN connection to remain active when a user connects VPN, then logs out.  As soon as they log out, the VPN connection is terminated.  We have followed the documentation and have set the two values, in our profile file (c:\users\all users\cisco\cisco anyconnect vpn client\profile\mycompany.xml):

Nested within "<ClientInitialization>":

        <RetainVpnOnLogoff>true
          <UserEnforcement>AnyUser</UserEnforcement>
        </RetainVpnOnLogoff>

All other settings are set to the default, for instance we do not initiate VPN before logon, etc.  According to the documentation, this is supposed to retain the VPN connection when the user logs out.  However, in our case it doesn't seem to do so.

I'm trying to see if we are missing anything here.  Has anybody else gotten this to work correctly?

Thanks in advance!

--

Chris

Labels:
0 Helpful
4 Replies 4

bravotom99
Level 1
Level 1

‎02-02-2011 12:58 PM

Make sure the xml profile is loaded on the ASA and assigned in the group policy.  I had the same issue in that it wouldn't work and I had to ask Cisco about it.  I think it's stupid the way they coded this because now instead of having 1 person retain their session, everyone assigned that group policy will now keep a session every single time they login/logoff.  It doesn't make alot of sense to me

0 Helpful

szilagyic
Level 1
Level 1
In response to bravotom99

‎02-02-2011 01:14 PM

Hello and thanks for the reply.  Are you saying that we cannot do this with the local profile settings?  Right now we are trying to test the settings by using the XML profile file, (c:\users\all users\cisco\cisco anyconnect vpn client\profile\mycompany.xml), before we go trying to deploy a policy.  So right now, we don't use any policies, we just have everything in the local XML file.

Please confirm... thank you!

0 Helpful

bravotom99
Level 1
Level 1
In response to szilagyic

‎02-02-2011 01:39 PM

Unfortunately that is correct.  Assign the xml in the group policy and then it will work

0 Helpful

dachserusa
Level 1
Level 1
In response to bravotom99

‎09-19-2014 08:26 AM

Do we need to create an additional XML file or do we edit an pre-existing XML file already used in the install package?

0 Helpful
Customers Also Viewed These Support Documents