I need to automate an Anyconnect connection. If the user is not connecting to an office (trusted) LAN, the following is needed:
1. The device (laptop) should start an Anyconnect session
2. The user should not need to interact with this process.
3. The authentication method should be a 'machine certificate'
4. The user cannot disconnect Anyconnect from the session.
I can manually start the session, but need to initiate the session and confirm the certificate. I can also have the session start automatically, but it still needs user interaction to complete.
I have looked at the profile settings, but cannot seem to find what the settings should be for automation of this process. Does it need to be scripted?
Thanks in advance
Have you configured Start Before Logon:
I don't know about the machine cert. I use AD for authentication.
You should use the Trusted Network Detection feature and Always-On, along with certificate authentication, to achieve what you are looking for. Trusted Network Detection automates the connection when you are in an untrusted network (based on domain name and DNS) and does not allow the user to disconnect unless in a trusted network. Look for the "Automatic VPN Policy" under Preferences (Part 2) in the client profile.
More info here:
I see your 2 responses as notifications, but they do not show up on the thread.
To disable the ability to disconnect, uncheck the allow VPN Disconnect setting on the profile.
For the cert issue, TND and Always-On do a strict cert check, so if you have any certificate errors during manual connection (without Always-On), this won't work.
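To show how the settings named in this thread fit together in the client profile XML that the profile editor writes, here is an added example (not from any post above or from Cisco): the Automatic VPN Policy block with TND and Always-On, VPN disconnect disallowed, and the certificate store pinned to the machine store. The domain names, DNS server addresses and headend hostname are placeholders you would replace with your own values.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <!-- Start the tunnel before the user logs on; user cannot change it -->
    <UseStartBeforeLogon UserControllable="false">true</UseStartBeforeLogon>
    <!-- Only look in the machine certificate store, so a user cert is never
         picked up and the user is never asked to choose a certificate -->
    <CertificateStore>Machine</CertificateStore>
    <!-- Allow non-admin users to use the Windows machine store -->
    <CertificateStoreOverride>true</CertificateStoreOverride>
    <AutoConnectOnStart UserControllable="false">true</AutoConnectOnStart>
    <AutoReconnect UserControllable="false">true</AutoReconnect>
    <AutomaticVPNPolicy>true
      <!-- Trusted Network Detection: these are placeholder values -->
      <TrustedDNSDomains>corp.example.invalid</TrustedDNSDomains>
      <TrustedDNSServers>192.0.2.10,192.0.2.11</TrustedDNSServers>
      <!-- On the office LAN: tear the tunnel down. Off it: connect. -->
      <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
      <UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
      <AlwaysOn>true
        <!-- Closed: no network access outside the tunnel if it cannot come up -->
        <ConnectFailurePolicy>Closed</ConnectFailurePolicy>
        <!-- This is the "Allow VPN Disconnect" checkbox mentioned above -->
        <AllowVPNDisconnect>false</AllowVPNDisconnect>
      </AlwaysOn>
    </AutomaticVPNPolicy>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Corporate VPN</HostName>
      <!-- Placeholder headend; must match the headend certificate's SAN -->
      <HostAddress>vpn.example.invalid</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

Because Always-On refuses connections with any certificate warning, the headend certificate chain must already be trusted in the machine's root store on the endpoint, and the hostname in the server list must match the certificate, before this profile is pushed out.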