Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
662
Views
0
Helpful
2
Replies

Cisco Secure Mobility Client

nate fitzgerald
Level 1
Level 1

‎05-07-2013 12:28 PM

Hello,

I work for an IT firm and we use Cisco IPSEC VPN to connect to our clients, well the IPSEC VPN Client program contains .pcf files which can be modified and stored in the profiles folder of the program.

Anyway Cisco IPSEC VPN is end of life and we are trying to find a way to maintain multiple connection to different external IP addresses through the AnyConnect Secure Mobility Client, on My Android I can add multiple connections but I dont have a way to do it from my PC.

I downloaded the VPN Profile editor, but that seems to only work with profiles that are individually loaded from the ASA.

I have the anyconnect-win-3.1.03103-k9.pkg on my ASA and I have the 3.1.03103 Client as well and the Profile Editor Version 3.1.03103.

I just want a drop down box or something for the AnyConnect Client to select the customer I need to connect to remotely.

I figured Cisco would have a program or package that does some type of profile management, since I am sure I'm not the only one who is trying to do this.

Any Thoughts ??

Thanks

Labels:
0 Helpful
2 Replies 2

Nikhil Thakur
Cisco Employee
Cisco Employee

‎05-07-2013 02:00 PM

Hi Nate,

You could do this using Group-Alias feature of AC.

Would you be connecting to different ASAs or same ASA but to different connection profiles?

  • In latter case, the group-alias feature would be the best option to use here.

Read more about the feature here:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml

http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/vpngrp.html

  • In case you're planning to connect to different ASAs to establish AC VPN connection, using profiles would be a good option.

You could configure the profiles on each ASA and define the hostname/hostaddress under the server list section. Associate the profile with the group-policy concerned with the connection profile on that particular ASA.

Once the AC connection establishes, it will push the profile(s) to the client machine. Next time you launch AC, you will see the hostname pre-populated in the 'Connect to' box.

Read more about it here under 'Configuring a Server list':

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/ac03vpn.html#wp1481034

Hope that helps. Let me know if you've further queries.

Regards,

Nick

P.S. Please rate this post if you find it helpful and also mark as 'Answered' if satisfied with the explanation.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-07-2013 05:55 PM

In addition to Nicks's reply, the profiles are installed locally on your client as indicated in the Admin Guide here. (The directory is hidden by default in Windows clients.)

They are xml files and there are literally dozens of options one can build in with the profile editor. One can easily generate one "by hand" in any text editor. The minimum you need is the profile name, gateway IP Address and primary protocol.

     -http://schemas.xmlsoap.org/encoding/">
          -
                -
                    gateway ASA here
                    gateway IP here
                    primary protocol (e.g., IPsec) here
                 
    

Normally these are pushed down from the ASA upon first connection. Once they are pushed to your client, they will appear in the AnyConnect drop-down box.

0 Helpful
Customers Also Viewed These Support Documents