Multiple Client Profiles with AnyConnect

GRWilkerson · ‎05-11-2012

Hello,

I have the need to store more than one VPN profile on my anyconnect client. I am a consultant and have mulitple clients using AnyConnect. The old VPN client used pcf files. From what I've been about to gather, an XML file can be used to simulate this same function. I tried to work with that, but had no luck. The preferences file gets overwritten with that last successful connection.

Can anyone help me out with this? Please keep in mind, from a VPN standpoint, I'm just a user. Not an admin. Quite honestly, I'm not even sure what to ask. I just want this AnyConnect client to display all my VPN connections like the old one.

Thanks,

Greg

maharri2 · ‎06-26-2013

Is there somethign I need to do to triger the recongnition of new profiles? I placed them in the Profile directory OK.

For the first profile I used a few weeks ago, it wasn't showing up. Then after a few days and PC restarts, suddenly the profile surprised me and showed up which I wasn't expecting as it hadn't changed anything ...... and from there on, it worked great.

This now happening again. I can see the orginal profile still and it works, but I can't see in the drop down the 2 new ones I just placed in the directory today.

What is the trick to getting Anyconnect to see recently added profiles and adding them to the dropdown?

sayrmatics · ‎06-29-2013

The more i think about it, the messier it appears. As you are not the admin and also need to connect to different customer VPN gateways, i can foresee a situation where user controllable attributes set on the different VPN gateways keep overwriting whatever you get or configure personally - and rightly so. There is also the issue of what happens if you've got an old client and the ASA is configured to update your client if it has a more recent version?

Probably best going with Marvin's suggestion and creating your own VPN profile XML file and copying it into the right directory for your endpoint...and see what happens when you connect to the next VPN gateway

bsisco · ‎07-19-2013

Seems like Cisco may have missed the mark on this one. I too connect to many locations using the Anyconnect client, and have no control over the ASA configuration that manages their settings or deploys new versions. I am constantly having to enter the hostname I wish to connect to, and modify my credentials. XML is pretty flexible and it seems to me that the client could use the SSL thumbprint and hostname to define a schemed XML entry for each gateway. One step forward, two steps back.

shashi_chandran · ‎08-16-2013

Here is the solution to create multiple profiles in Cisco anyconnect VPN Client.

Perform following Steps :

Open location : “%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile”
Open notepad and copy below text :

http://schemas.xmlsoap.org/encoding/">

username

ssl_url

none

true

Edit user and hostname as required.
Add client certificate thumbprint ( You can get this from preferences.xml file in

C:\Users\\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client (for Windows 7).

Save as xml file in same location. .
Restart cisco anyconnect.

* perform same steps for all the addresses(profiles) you want to create. And you will get the list of all the address in Cisco anyconnect.

Thanks,

Shashi

entrack · ‎12-19-2017

I am having the same problem saving one of my connections.

I am running Win 10.

I do not have a Profile folder in my

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client Folder.

Only folders are DART, plugins, and res.

Is this because it is WIN/10?

Please advise.

andy.winford · ‎03-14-2020

It's not there. See the other responses. Also make sure your Hidden Items is checked.

tyoung008 · ‎07-19-2020

If your firewall does not have an AnyConnect profile, it will not be downloaded to your laptop and saved.

You can manually create and save profiles in the AnyConnect profile directory. AnyConnect checks the directory on startup. If you add a new profile, you will need to stop and restart AnyConnect for it to appear in the drop down.

Below are the contents of a batch file (*.bat) that I have used in Windows 7 to easily manually create profiles:

@BigR off
rem Version 1.0.1
rem Change 0.1 - Added comment to (1) unhide C:\ProgramData or (2) run as administrator.
rem For easy right-click paste, Enable Defaults ^> QuickEdit Mode in your command window.

rem VARIABLES
set /p HostName="Please enter customer name: ";
set /p HostAddress="Please enter FQDN or IP of VPN gateway: ";

rem PROGRAM
@BigR ^<?xml version="1.0" encoding="UTF-8"?^> > "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/"^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^<ServerList^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^<HostEntry^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^<HostName^>%HostName%^</HostName^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^<HostAddress^>%HostAddress%^</HostAddress^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^<PrimaryProtocol^>SSL^</PrimaryProtocol^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^</HostEntry^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^</ServerList^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"
@BigR ^</AnyConnectProfile^> >> "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml"

@BigR Created C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\%HostName%.xml.
@BigR Please quit and restart AnyConnect to use the new profile.
pause

This is a command file that I currently use on Mac:

#! /bin/bash
# Version 1.0.1
# Change 0.1 - You need to run the command "sudo chflags norestricted /opt/cisco/anyconnect/profile/" to remove the folder from
# SIP (System Integrity Protection) and change everyone to read+write for /opt/cisco/anyconnect/profile/ in Get Info so that you can create files.
# You will also need to run the command "chmod +ux MkACProfile.command" to make the script executable. Double-click it to use.
# VARIABLES
read -p "Please enter customer name: " -e Customer
read -p "Please enter FQDN or IP of VPN gateway: " -e HostAddress
# PROGRAM
touch "/opt/cisco/anyconnect/profile/$Customer.xml"
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" > "/opt/cisco/anyconnect/profile/$Customer.xml"
echo "<AnyConnectProfile xmlns=\"http://schemas.xmlsoap.org/encoding/\">" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " <ServerList>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " <HostEntry>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " <HostName>$Customer</HostName>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " <HostAddress>$HostAddress</HostAddress>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " <PrimaryProtocol>SSL</PrimaryProtocol>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " </HostEntry>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo " </ServerList>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo "</AnyConnectProfile>" >> "/opt/cisco/anyconnect/profile/$Customer.xml"
echo "Created /opt/cisco/anyconnect/profile/$Customer.xml."
echo "You will need to quit and restart AnyConnect for it to rescan the profile directory."

Marvin Rhoads · ‎07-10-2014

Yes, the last used profile gets copied into preferences.xml in your default profile location = C:\Users\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client (for Windows 7).

However, all used profiles should be copied into the location C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile (for Windows 7). If they are there, you should see them as selectable on a drop-down list in your AnyConnect client.

You could run into a problem if the folks running the ASAs use the same profile name. In that case, your could build some profiles yourself with the destination ASAs and give them unique names. A basic profile is only a structured handful of lines of plain text saved as an XML file.

Done properly, you should see something like this:

MILTON MENEGHINI · ‎10-09-2014

Hi Marvin

Do you know where is the profile directory in Windows 8 ?

Marvin Rhoads · ‎10-09-2014

They haven't updated the documentation to reflect the Windows 8 .x file locations; but I believe they are all in the same place since Windows 8 OS did not change the existence or location of those hidden directories.

venkateshjaya · ‎05-16-2016

here is the location of profile directory -

C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

And sample profile file to copy onto this folder.you may create and copy as many ssl vpn gateway xml files as you need.(as attached)

sample TEST.xml

=================

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">;
<ServerList>
    <HostEntry>
      <HostName>TEST</HostName>
      <HostAddress>x.x.x.57</HostAddress>
    </HostEntry>
</ServerList>
</AnyConnectProfile>

entrack · ‎02-01-2019

I have a different issue.

It will not save an IP address.

I am running Windows 10 Pro.

Any help is appreciated.

entrack · ‎07-29-2018

I am having this problem storing a Profile where we use the IP address.

I would like to avoid having to enter the IP address each time. I am using WIN/10. There is no Profile directory within C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client Please advise.

Ron

The Security Guy · ‎12-16-2018

Did you ever find a resolution for this?