05-07-2013 12:28 PM
Hello,
I work for an IT firm and we use Cisco IPSEC VPN to connect to our clients, well the IPSEC VPN Client program contains .pcf files which can be modified and stored in the profiles folder of the program.
Anyway Cisco IPSEC VPN is end of life and we are trying to find a way to maintain multiple connection to different external IP addresses through the AnyConnect Secure Mobility Client, on My Android I can add multiple connections but I dont have a way to do it from my PC.
I downloaded the VPN Profile editor, but that seems to only work with profiles that are individually loaded from the ASA.
I have the anyconnect-win-3.1.03103-k9.pkg on my ASA and I have the 3.1.03103 Client as well and the Profile Editor Version 3.1.03103.
I just want a drop down box or something for the AnyConnect Client to select the customer I need to connect to remotely.
I figured Cisco would have a program or package that does some type of profile management, since I am sure I'm not the only one who is trying to do this.
Any Thoughts ??
Thanks
05-07-2013 02:00 PM
Hi Nate,
You could do this using Group-Alias feature of AC.
Would you be connecting to different ASAs or same ASA but to different connection profiles?
Read more about the feature here:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/vpngrp.html
You could configure the profiles on each ASA and define the hostname/hostaddress under the server list section. Associate the profile with the group-policy concerned with the connection profile on that particular ASA.
Once the AC connection establishes, it will push the profile(s) to the client machine. Next time you launch AC, you will see the hostname pre-populated in the 'Connect to' box.
Read more about it here under 'Configuring a Server list':
Hope that helps. Let me know if you've further queries.
Regards,
Nick
P.S. Please rate this post if you find it helpful and also mark as 'Answered' if satisfied with the explanation.
05-07-2013 05:55 PM
In addition to Nicks's reply, the profiles are installed locally on your client as indicated in the Admin Guide here. (The directory is hidden by default in Windows clients.)
They are xml files and there are literally dozens of options one can build in with the profile editor. One can easily generate one "by hand" in any text editor. The minimum you need is the profile name, gateway IP Address and primary protocol.
-
http://schemas.xmlsoap.org/encoding/"> -
-
gateway ASA here
gateway IP here
primary protocol (e.g., IPsec) here
Normally these are pushed down from the ASA upon first connection. Once they are pushed to your client, they will appear in the AnyConnect drop-down box.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide