Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8551
Views
0
Helpful
5
Replies

Deploying Anyconnect clients with specific profiles

Richard Tapp
Level 1
Level 1

‎12-24-2015 03:39 AM - edited ‎02-21-2020 08:36 PM

I have been testing Anyconnect and we are now at the stage where we are testing remote client deployments.

On one of my ASA's I have created a test profile and downloaded it. My desktop dev team would now like to be able to deploy this to users with the correct profile for the user.

So far we have managed to deploy the client, but the profile is not used until you have logged on the the ASA for the first time.

Is this correct ?

1 person had this problem
Labels:
0 Helpful
5 Replies 5

carlguer
Level 1
Level 1

‎12-24-2015 06:46 AM

Hi Richard,

You are correct, the xml profile will not be pushed to the computer until the first successful connection to the ASA.

0 Helpful

Richard Tapp
Level 1
Level 1
In response to carlguer

‎01-05-2016 12:32 AM

Thanks for all the reply's. I will pass this information onto the desktop support team.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame

‎12-24-2015 07:02 AM

The answer to this question depends on how you are doing the deploy. If you are using web deploy where the user accesses the VPN server and downloads the client then yes the profile is not used until you have logged on, since the profile is down loaded as part of the client install. But if you are doing manual deploy of the client (as seems to be suggested by the fact that your desktop team is asking about it) then it should be possible to put a copy of the profile xml file into the proper directory as they install the client. And then the profile will be used from the very beginning.

HTH

Rick

HTH

Rick
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-24-2015 08:33 AM

As noted by Rick, the profile can be pre-deployed. We commonly do this when doing NAM profile pre-deployments for use in an ISE deployment.

Please refer to the AnyConnect Admin Guide for detailed instructions on doing this:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect42/b_AnyConnect_Administrator_Guide_4-2/deploy-anyconnect.html#ID-1425-0000015f

0 Helpful

Diego Lopez
Level 1
Level 1

‎12-24-2015 10:36 AM

You can manually install the XML profile to the user's computer if you want, just download it from the ASA using a TFTP server or with ASDM, once you have it you can copy it in the following locations, it will be different depending on the OS and implementation that you are trying to do.

You can check this documentation: 

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac02asaconfig.html#pgfId-1431357

0 Helpful
Customers Also Viewed These Support Documents