Multiple profile help needed

thejimster · ‎05-02-2013

I work for a company that requires me to connect to several customer Cisco VPNs via AnyConnect 3.0.5075.

Each customer site has provided it's own URL and certificate, etc.

How do I get Cisco AnyConnect Secure Mobility Client version 3.0.5075 to agree to multiple profiles?

I also would love some advice on how to add certificates to the tool without the "double click the certifiate" route. My laptop has an encrypted hard drive and when I try and "double click" the Cisco certificates the hard-drive encryption tool believes I am trying to add a certificate to it instead of to the Cisco VPN tool.

AnyConnect does not appear to have any editable/configurable settings for multiple profiles or to directly add a certificate.

I have googled furiously to no avail.

Any help available here? Even just to give me some bumps in the right direction?

Thanks in advance.

-Jim

rkumar5 · ‎05-03-2013

Hi Jim,

You can have multiple profile bind to different certificates

For example

crypto ca certificate map mymap 1
 subject-name attr cn eq Joe Smith
crypto ca certificate map mymap 2
 issuer-name co SubCA1
crypto ca certificate map mymap 25
 alt-subject-name eq jsmith@company.com
 subject-name attr ou co Sales
crypto ca certificate map mymap 65535
 subject-name ne ""

SSL certificate mapping applies to both clientless WebVPN and AnyConnect connections where certificates are used. The certificate-group-map entries are processed in the order they are entered and appear above until a match is found. They do not need to be in numerical order.

webvpn
 certificate-group-map mymap 1 Tunnel-group1
 certificate-group-map mymap 2 Tunnel-group2
 certificate-group-map mymap 25 Tunnel-group3
 certificate-group-map mymap 65535 Tunnel-Group4

The certificate selection can be done automatically by enabling the automatic certificate selection in the XML profile

Hope this helps you.

Thanks

Raj