Locking down anyconnect client profile

wngwngwng
Level 1

I was wondering if there is a way to lock down the AnyConnect profile on a client's machine.  Basically we are using certificates to authenticate so the client can make a VPN connection.  We have enabled the certificate match function to check for IPSec User Extended Match Key.  I can modify the XML on the client PC to bypass the check and authenticate.  We would like to keep users from doing that.  Is there something I can set up on the ASA versus the client to check the certificate or prevent the XML from being modified?

Thanks in advance.

2 Replies

andrew.prince
Level 10

You can disable the user from changing any settings in the XML profile.

Sent from Cisco Technical Support iPad App

I went in and modified the XML and removed the following.  I was then able to make a connection without checking for the IPSecUser extended key usage.  I have 2 certs on my client.  One cert has the IPSecUser extended key usage and the other does not.

    <CertificateMatch>
      <ExtendedKeyUsage>
        <ExtendedMatchKey>IPSecUser</ExtendedMatchKey>
      </ExtendedKeyUsage>
    </CertificateMatch>
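Added example, not part of the thread and not Cisco tooling: an endpoint audit that flags a local profile whose certificate-match rule has been edited out, by checking for the required `ExtendedMatchKey` and optionally comparing the file against the hash of the profile that was deployed. The function names, finding labels and both sample profiles are constructed for illustration; this detects the edit described above, it does not prevent it.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample profiles (not from the thread). The namespace is the one
# AnyConnect profiles normally declare; matching below ignores it either way.
GOOD_PROFILE = b"""<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <CertificateMatch>
      <ExtendedKeyUsage>
        <ExtendedMatchKey>IPSecUser</ExtendedMatchKey>
      </ExtendedKeyUsage>
    </CertificateMatch>
  </ClientInitialization>
</AnyConnectProfile>"""
TAMPERED_PROFILE = b"""<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization/>
</AnyConnectProfile>"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def extended_match_keys(profile_bytes):
    """Return ExtendedMatchKey values found inside any CertificateMatch."""
    root = ET.fromstring(profile_bytes)
    return {
        el.text.strip()
        for cm in root.iter() if _local(cm.tag) == "CertificateMatch"
        for el in cm.iter() if _local(el.tag) == "ExtendedMatchKey" and el.text
    }

def audit_profile(profile_bytes, required=("IPSecUser",), baseline_sha256=None):
    """Return a list of findings; an empty list means the profile passed."""
    findings = []
    digest = hashlib.sha256(profile_bytes).hexdigest()
    if baseline_sha256 is not None and digest != baseline_sha256:
        findings.append("hash-mismatch")
    try:
        keys = extended_match_keys(profile_bytes)
    except ET.ParseError:
        # A truncated or corrupted profile is itself worth reporting.
        return findings + ["unparseable"]
    findings += [f"missing-eku:{k}" for k in required if k not in keys]
    return findings

if __name__ == "__main__":
    print(audit_profile(TAMPERED_PROFILE))
```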
