
Cisco AnyConnect XML profile on an M1 MacBook

vincentbas
Level 1

Hi all,

I just installed Cisco AnyConnect on my brand new MacBook Pro. In order to be able to work remotely, I need to use an XML profile that is provided by my company. Unfortunately, the dropdown in the client does not show the XML profile that I added to the following path as instructed here:

path: opt/cisco/anyconnect/profile

related post: https://community.cisco.com/t5/vpn/how-to-install-xml-profiles-for-anyconnect-for-mac/td-p/2349880

Can someone please tell me what I'm missing? Below you can find a screenshot of the empty dropdown as described earlier:

cisco-without-profile.png

Kind regards and thanks in advance!

Vincent

16 Replies

tn57
Level 1

AnyConnect macOS 11 Big Sur Advisory - Cisco - I used this article as a reference and created an AnyConnectProfile.xml as follows to pre-populate the connection string and to hide and set the app to open on demand, but somehow it is not taking effect. Please assist.

Platform: macOS Ventura 

Cisco AnyConnect Version: 5.0.02075

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="true">true</UseStartBeforeLogon>
    <AutomaticCertSelection UserControllable="true">true</AutomaticCertSelection>
    <ShowPreConnectMessage>false</ShowPreConnectMessage>
    <CertificateStore>Machine</CertificateStore>
    <CertificateStoreMac>All</CertificateStoreMac>
    <CertificateStoreOverride>true</CertificateStoreOverride>
    <ProxySettings>Native</ProxySettings>
    <AllowLocalProxyConnections>false</AllowLocalProxyConnections>
    <AuthenticationTimeout>30</AuthenticationTimeout>
    <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
    <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
    <LocalLanAccess UserControllable="true">false</LocalLanAccess>
    <DisableCaptivePortalDetection UserControllable="false">false</DisableCaptivePortalDetection>
    <ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
    <IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
    <AutoReconnect UserControllable="false">
      true
      <AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
    </AutoReconnect>
    <SuspendOnConnectedStandby>false</SuspendOnConnectedStandby>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
    <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
    <LinuxLogonEnforcement>SingleLocalLogon</LinuxLogonEnforcement>
    <WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
    <LinuxVPNEstablishment>LocalUsersOnly</LinuxVPNEstablishment>
    <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
    <PPPExclusion UserControllable="false">
      Automatic
      <PPPExclusionServerIP UserControllable="false"/>
    </PPPExclusion>
    <EnableScripting UserControllable="false">false</EnableScripting>
    <EnableAutomaticServerSelection UserControllable="true">
      false
      <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
      <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
    </EnableAutomaticServerSelection>
    <RetainVpnOnLogoff>false </RetainVpnOnLogoff>
    <CaptivePortalRemediationBrowserFailover>false</CaptivePortalRemediationBrowserFailover>
    <AllowManualHostInput>true</AllowManualHostInput>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>vpn.contoso.com</HostName>
      <HostAddress>internal.contoso.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>


You can add a script to a .sh file that does just that.

#!/bin/bash

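# Ask for input (-r keeps backslashes in the typed values literal)
read -r -p "Enter VPN display name (HostName): " hostname
read -r -p "Enter VPN server address (HostAddress): " hostaddress

# Clean up filename: every character outside A-Za-z0-9._- (spaces and "/"
# included) becomes "_", so the sudo write below stays inside the profile directory
filename="$(printf '%s' "$hostname" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_').xml"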

# Destination folder
profile_dir="/opt/cisco/secureclient/vpn/profile"
output_file="${profile_dir}/${filename}"

# Check and create profile directory if it doesn't exist
if [ ! -d "$profile_dir" ]; then
    echo " Creating VPN profile directory: $profile_dir"
    sudo mkdir -p "$profile_dir"
    sudo chown root:wheel "$profile_dir"
    sudo chmod 755 "$profile_dir"
fi

# Create the profile XML content
profile_content="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<AnyConnectProfile xmlns=\"http://schemas.xmlsoap.org/encoding/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd\">
<ClientInitialization>
<UseStartBeforeLogon UserControllable=\"true\">true</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable=\"false\">true</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreMac>All</CertificateStoreMac>
<CertificateStoreLinux>All</CertificateStoreLinux>
<CertificateStoreOverride>false</CertificateStoreOverride>
<ProxySettings>Native</ProxySettings>
<AllowLocalProxyConnections>true</AllowLocalProxyConnections>
<AuthenticationTimeout>30</AuthenticationTimeout>
<AutoConnectOnStart UserControllable=\"true\">false</AutoConnectOnStart>
<MinimizeOnConnect UserControllable=\"true\">true</MinimizeOnConnect>
<LocalLanAccess UserControllable=\"true\">false</LocalLanAccess>
<DisableCaptivePortalDetection UserControllable=\"true\">false</DisableCaptivePortalDetection>
<ClearSmartcardPin UserControllable=\"false\">true</ClearSmartcardPin>
<IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
<AutoReconnect UserControllable=\"false\">true
<AutoReconnectBehavior UserControllable=\"false\">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<SuspendOnConnectedStandby>false</SuspendOnConnectedStandby>
<AutoUpdate UserControllable=\"false\">true</AutoUpdate>
<RSASecurIDIntegration UserControllable=\"false\">Automatic</RSASecurIDIntegration>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<LinuxLogonEnforcement>SingleLocalLogon</LinuxLogonEnforcement>
<WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
<LinuxVPNEstablishment>LocalUsersOnly</LinuxVPNEstablishment>
<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
<PPPExclusion UserControllable=\"false\">Disable
<PPPExclusionServerIP UserControllable=\"false\"></PPPExclusionServerIP>
</PPPExclusion>
<EnableScripting UserControllable=\"false\">false</EnableScripting>
<EnableAutomaticServerSelection UserControllable=\"false\">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
<RetainVpnOnLogoff>false</RetainVpnOnLogoff>
<CaptivePortalRemediationBrowserFailover>false</CaptivePortalRemediationBrowserFailover>
<AllowManualHostInput>true</AllowManualHostInput>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>$hostname</HostName>
<HostAddress>$hostaddress</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>"

# Save the profile file with root permissions
echo " Writing VPN profile to: $output_file"
echo "$profile_content" | sudo tee "$output_file" > /dev/null
sudo chown root:wheel "$output_file"
sudo chmod 644 "$output_file"

echo " VPN profile '$hostname' created successfully in $profile_dir"
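
The script above places the typed display name and server address directly into the profile XML and into a file path that is written as root. The following is an added example, not part of the original posts, showing input handling for such a generator; the function names are hypothetical, the sample values are constructed, and the accepted character set for the host address is an assumption.

```shell
#!/bin/bash
# Added example: input handling for a profile generator like the script above.
# Function names are hypothetical; all sample values are constructed.

# Escape the five XML special characters so a display name such as
# "R&D <lab>" stays text and cannot break or extend the profile markup.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
                         -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Derive the file name through an allow-list: "/" and every other character
# outside A-Za-z0-9._- becomes "_", and leading dots are dropped, so the
# root-owned write always lands inside the profile directory.
safe_profile_name() {
  _base=$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_')
  while :; do
    case $_base in
      .*) _base=${_base#.} ;;
      *)  break ;;
    esac
  done
  [ -n "$_base" ] || return 1
  printf '%s.xml\n' "$_base"
}

# Assumption: a HostAddress is a DNS name or IP literal, so only letters,
# digits, ".", ":" and "-" are accepted; anything else is refused.
valid_host_address() {
  case $1 in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;
  esac
  return 0
}

# Print one <HostEntry> with the name escaped and the address validated.
render_host_entry() {
  valid_host_address "$2" || { echo "rejected host address: $2" >&2; return 1; }
  printf '<HostEntry>\n<HostName>%s</HostName>\n<HostAddress>%s</HostAddress>\n</HostEntry>\n' \
    "$(xml_escape "$1")" "$2"
}

# Constructed inputs: a display name with markup characters, a path-like name.
render_host_entry 'R&D <lab>' 'vpn.example.com'
safe_profile_name '../../etc/Corp VPN'
```
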