Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4658
Views
0
Helpful
3
Replies

disable csd for webvpn and enable csd for anyconnect

gerard van rij
Level 1
Level 1

‎03-20-2012 06:24 AM - edited ‎02-21-2020 05:57 PM

Hi all,

I find it very annoying that csd is being launched when I connect via webvpn, but I do need csd when I connect with anyconnect. does anyone know how to get this working?

asa version 8.4

regards,

Gerard

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-20-2012 12:38 PM

Hello Gerard,

You can configure the CSD to be launched based on the tunnel-group but only if using Group-alias.

That is the only solution that I currently know.

Hope this helps.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

zasellers
Level 1
Level 1

‎06-06-2014 05:55 PM

I know this is a very old post, but I found the solution.  I hope someone that stumbles upon this page will find this info useful.

As we all know, when navigating to the IP/FQDN of the ASA, as long as the URL is not matched against another connection profile, the DefaultWEBVPNGroup connection profile will be matched.  The solution is to edit the connection profile DefaultWEBVPNGroup > Advanced > Clientless SSL VPN > Group URLs > Add > and here create the url of the ASAs IP (https://1.2.3.4) or FQDN (https://abc.net).  Then, under "Group URLs" check to "Do not run Cisco Secure Desktop (CSD) on client machine when using group URLs ............

 

This will allow you to go to the main portal page and bypass CSD!!

 

Unfortunately, with this solution, you lose the ability to select an alias from the drop-down list.

0 Helpful

Ralphy006
Level 1
Level 1
In response to zasellers

‎05-04-2017 09:05 AM

Thanks Zasellers

With this solution.... users can technically connect to the Group URL via the anyconnect client directly right? Thus, bypassing CSD?

It would be nice if there was a way to bypass CSD ONLY for clientless... and always run it when using anyconnect...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents