02-28-2012 08:59 AM - edited 02-21-2020 05:54 PM
I was wondering if there is a way to lock down the AnyConnect profile on a client's machine. Basically we are using certificates to authenticate so the client can make a VPN connection. We have enabled the certificate match function to check for IPSec User Extended Match Key. I can modify the XML on the client PC to bypass the check and authenticate. We would like to keep users from doing that. Is there something I can set up on the ASA versus the client to check the certificate or prevent the XML from being modified?
Thanks in advance.
02-28-2012 11:37 AM
You can disable the user from changing any settings in the XML profile.
Sent from Cisco Technical Support iPad App
02-28-2012 12:09 PM
I went in and modified the XML and removed the following. I was then able to make a connection without checking for the IPSecUser extended key usage. I have 2 certs on my client. One cert has the IPSecUser extended key usage and the other does not.