01-24-2008 08:20 AM - edited 02-21-2020 03:30 PM
We are having a problem where remote users log in to their laptops with cached domain credentials using SSL VPN (the users are onsite but take their laptops home). The problem is they log in to the VPN and their mapped drives don't work, and they need to delete and remap their drives every time they log in (we have to use FQDN to remap, example would be Jsmith1.anycompany.com). Any suggestions?
01-28-2008 12:55 PM
I don't have any experience with cached domain credentials using SSL VPN so I don't know if this is applicable but you may want to have them try logging in to the VPN before logging in to the machine (VPN Client->Options->Windows Logon Properties->Enable start before logon).
01-28-2008 02:28 PM
Thanks for the help but I'm using the Cisco AnyConnect VPN client and it doesn't have options. I think my old IPsec client had those options.
01-29-2008 09:44 PM
Hi, you can enable Start Before Logon (SBL) for AnyConnect client. With SBL enabled, the user sees the AnyConnect GUI logon dialog before the Windows logon dialog box appears. This establishes the VPN connection first. Available only for Windows platforms, Start Before Logon lets the administrator control the use of login scripts, password caching, mapping network drives to local drives, and more. You can use the SBL feature to activate the VPN as part of the logon sequence. SBL is disabled by default.
1. Create user profile, then edit attribute, for example, setting myprofile.xml file to true:
To disable SBL, set the same value to false.
You must also specify on the security appliance that you want to allow SBL. Take a look at the AnyConnect User manual; see the description in the section Enabling Modules for Additional AnyConnect Features (ASDM) or Enabling Modules for Additional AnyConnect Features (CLI) for a description of how to do this.
Pls rate if it helps.
01-30-2008 12:43 PM
Thanks pengfang, I think I'm getting closer to a solution. Only problem is the remote office is connected via site to site VPN. After hours and on the weekend they take their laptops home, to do work. So if I did the above it would work great for them remotely, but when they got back to the office it probably wouldn't work as they would be using the site to site.
01-30-2008 11:26 PM
Hi Paul,
To enable the UserControllable feature, use the following statement when enabling SBL at your profile.xml:
This way, your remote user can enable SBL at home and cancel SBL at the office.
02-01-2008 10:17 AM
Thanks!!!!!
08-27-2008 10:49 AM
I'm having a hard time trying to figure out how the UserControllable feature works on Windows XP. I assumed it would work the same as the IPSec VPN Client where I could allow users to enable or disable the SBL option. I don't see where this can be enabled or disabled by a user with the AnyConnect client. And what does it mean by user settings are stored elsewhere? Where are they stored and how do you set them?
(Note in documentation for above line)
Any user setting associated with this attribute is stored elsewhere.
The above line works the same for me as the line below. I don't see the difference between the two. They both use SBL, I can cancel the SBL with either by clicking the x in the window, and I don't see how a user can enable or disable SBL on either. So, what is the difference?
I am hoping I am missing something simple here. Any help is greatly appreciated.
PS. I used "true" as well as "false" with the command and it still worked the same.
Thanks,
Mark