disable csd for webvpn and enable csd for anyconnect

gerard van rij · ‎03-20-2012

Hi all,

I find it very annoying that csd is being launched when I connect via webvpn, but I do need csd when I connect with anyconnect. does anyone know how to get this working?

asa version 8.4

regards,

Gerard

Julio Carvajal · ‎03-20-2012

Hello Gerard,

You can configure the CSD to be launched based on the tunnel-group but only if using Group-alias.

That is the only solution that I currently know.

Hope this helps.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

zasellers · ‎06-06-2014

I know this is a very old post, but I found the solution. I hope someone that stumbles upon this page will find this info useful.

As we all know, when navigating to the IP/FQDN of the ASA, as long as the URL is not matched against another connection profile, the DefaultWEBVPNGroup connection profile will be matched. The solution is to edit the connection profile DefaultWEBVPNGroup > Advanced > Clientless SSL VPN > Group URLs > Add > and here create the url of the ASAs IP (https://1.2.3.4) or FQDN (https://abc.net). Then, under "Group URLs" check to "Do not run Cisco Secure Desktop (CSD) on client machine when using group URLs ............

This will allow you to go to the main portal page and bypass CSD!!

Unfortunately, with this solution, you lose the ability to select an alias from the drop-down list.

Ralphy006 · ‎05-04-2017

Thanks Zasellers

With this solution.... users can technically connect to the Group URL via the anyconnect client directly right? Thus, bypassing CSD?

It would be nice if there was a way to bypass CSD ONLY for clientless... and always run it when using anyconnect...