01-22-2019 12:18 AM
Following this link https://community.cisco.com/t5/vpn-and-anyconnect/anyconnect-2-3-254/td-p/1158863 . Do i am trying to do the same thing with CSR1000V but with no use. Can you please help me with some indications?
01-22-2019 12:30 AM - edited 01-22-2019 12:31 AM
Regards to CSR1000V anyconnect check this document
01-22-2019 12:44 AM
What i need:
I added in the profile from anyconnect
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
What i want is the proper config in the CSR to make this statement work so i can connect remotely from my pc from home on the laptop from work and use anyconnect on our customer vpn that has ipsec. Is there any solution?
01-22-2019 12:46 AM - edited 01-22-2019 12:48 AM
oh. I see. why dont you use vASA and use anyconnect with it
for your problem you need to modify the xml in order to work.
01-22-2019 12:56 AM
Because our customer doesn't have ASA.
01-22-2019 01:12 AM
01-22-2019 01:17 AM
@Mohammed al Baqarithe gentleman requirement is different. he is asking for "the dir i am searching for the xml"
01-22-2019 01:17 AM
Sorry if i didn't make it clearer. The anyconnect is already configured on the CSR, but only local users can connect. I am searching for the xml anyconnect file in the flash of the CSR and unfortunately can't find it. Do you know if i can add it or if there is any other metod for csr?
01-22-2019 12:37 AM
Adding to other post...can you explian where is this CSR1000v, is this in LAB or in real Environment ?
01-22-2019 12:55 AM
Real enviroment:
I need a flex vpn like on this ASA but for CSR:
webvpn
enable Internet
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-4.0.00061-k9.pkg 1 regex "Windows NT"
anyconnect image disk0:/anyconnect-linux-64-4.0.00061-k9.pkg 2 regex "Linux"
anyconnect image disk0:/anyconnect-macosx-i386-4.0.00061-k9.pkg 3 regex "Intel Mac OS X"
anyconnect profiles any disk0:/any.xml
anyconnect enable
tunnel-group-list enable
ciscoasa# more disk0:/any.xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreOverride>false</CertificateStoreOverride>
<ProxySettings>Native</ProxySettings>
<AllowLocalProxyConnections>true</AllowLocalProxyConnections>
<AuthenticationTimeout>12</AuthenticationTimeout>
<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
<LocalLanAccess UserControllable="true">false</LocalLanAccess>
<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
<IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
<AutoReconnect UserControllable="false">true
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<AutoUpdate UserControllable="false">true</AutoUpdate>
<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
<PPPExclusion UserControllable="false">Disable
<PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
</PPPExclusion>
<EnableScripting UserControllable="false">false</EnableScripting>
<EnableAutomaticServerSelection UserControllable="false">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
<RetainVpnOnLogoff>false
</RetainVpnOnLogoff>
<AllowManualHostInput>true</AllowManualHostInput>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>Adrem</HostName>
<HostAddress>vpn.adrem.ro</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>
The equivalent for CSR?
01-22-2019 12:57 AM
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreOverride>false</CertificateStoreOverride>
<ProxySettings>Native</ProxySettings>
<AllowLocalProxyConnections>true</AllowLocalProxyConnections>
<AuthenticationTimeout>12</AuthenticationTimeout>
<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
<LocalLanAccess UserControllable="true">false</LocalLanAccess>
<DisableCaptivePortalDetection UserControllable="true">false</DisableCaptivePortalDetection>
<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
<IPProtocolSupport>IPv4</IPProtocolSupport>
<AutoReconnect UserControllable="false">true
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<AutoUpdate UserControllable="false">true</AutoUpdate>
<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
<PPPExclusion UserControllable="false">Disable
<PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
</PPPExclusion>
<EnableScripting UserControllable="false">false</EnableScripting>
<EnableAutomaticServerSelection UserControllable="false">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
<RetainVpnOnLogoff>false
</RetainVpnOnLogoff>
<AllowManualHostInput>true</AllowManualHostInput>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>Anyconnect</HostName>
<HostAddress>1.1.1.1</HostAddress>
<PrimaryProtocol>IPsec
<StandardAuthenticationOnly>false</StandardAuthenticationOnly>
</PrimaryProtocol>
</HostEntry>
</ServerList>
</AnyConnectProfile>
01-22-2019 01:04 AM
The idea is that in the dir from csr i can't find the xml file related to anyconnect. Is there another place were can i find it? The fact is that anyconnect is already present in the config for internal remote users over ipsec. In the dir i am searching for the xml but cannot find it. Any advice?
09-15-2019 12:11 PM
@curdubanbogdan were you able to resolve or got solution for CSR to allow RemoteDesktop users to utilize anyconnect client
09-16-2019 01:54 AM
Unfortunately no. I am still searching for a solution. I can't find the xml file in csr, like on the asa. The anyconnect still works as localusersonly.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide