01-22-2019 12:18 AM
Following this link https://community.cisco.com/t5/vpn-and-anyconnect/anyconnect-2-3-254/td-p/1158863 . Do i am trying to do the same thing with CSR1000V but with no use. Can you please help me with some indications?
01-22-2019 12:30 AM - edited 01-22-2019 12:31 AM
Regards to CSR1000V anyconnect check this document
01-22-2019 12:44 AM
What i need:
I added in the profile from anyconnect
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
What i want is the proper config in the CSR to make this statement work so i can connect remotely from my pc from home on the laptop from work and use anyconnect on our customer vpn that has ipsec. Is there any solution?
01-22-2019 12:46 AM - edited 01-22-2019 12:48 AM
oh. I see. why dont you use vASA and use anyconnect with it
for your problem you need to modify the xml in order to work.
01-22-2019 12:56 AM
Because our customer doesn't have ASA.
01-22-2019 01:12 AM
01-22-2019 01:17 AM
@Mohammed al Baqarithe gentleman requirement is different. he is asking for "the dir i am searching for the xml"
01-22-2019 01:17 AM
Sorry if i didn't make it clearer. The anyconnect is already configured on the CSR, but only local users can connect. I am searching for the xml anyconnect file in the flash of the CSR and unfortunately can't find it. Do you know if i can add it or if there is any other metod for csr?
01-22-2019 12:37 AM
Adding to other post...can you explian where is this CSR1000v, is this in LAB or in real Environment ?
01-22-2019 12:55 AM
Real enviroment:
I need a flex vpn like on this ASA but for CSR:
webvpn
enable Internet
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-4.0.00061-k9.pkg 1 regex "Windows NT"
anyconnect image disk0:/anyconnect-linux-64-4.0.00061-k9.pkg 2 regex "Linux"
anyconnect image disk0:/anyconnect-macosx-i386-4.0.00061-k9.pkg 3 regex "Intel Mac OS X"
anyconnect profiles any disk0:/any.xml
anyconnect enable
tunnel-group-list enable
ciscoasa# more disk0:/any.xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreOverride>false</CertificateStoreOverride>
<ProxySettings>Native</ProxySettings>
<AllowLocalProxyConnections>true</AllowLocalProxyConnections>
<AuthenticationTimeout>12</AuthenticationTimeout>
<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
<LocalLanAccess UserControllable="true">false</LocalLanAccess>
<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
<IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
<AutoReconnect UserControllable="false">true
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<AutoUpdate UserControllable="false">true</AutoUpdate>
<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
<PPPExclusion UserControllable="false">Disable
<PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
</PPPExclusion>
<EnableScripting UserControllable="false">false</EnableScripting>
<EnableAutomaticServerSelection UserControllable="false">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
<RetainVpnOnLogoff>false
</RetainVpnOnLogoff>
<AllowManualHostInput>true</AllowManualHostInput>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>Adrem</HostName>
<HostAddress>vpn.adrem.ro</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>
The equivalent for CSR?
01-22-2019 12:57 AM
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreOverride>false</CertificateStoreOverride>
<ProxySettings>Native</ProxySettings>
<AllowLocalProxyConnections>true</AllowLocalProxyConnections>
<AuthenticationTimeout>12</AuthenticationTimeout>
<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
<LocalLanAccess UserControllable="true">false</LocalLanAccess>
<DisableCaptivePortalDetection UserControllable="true">false</DisableCaptivePortalDetection>
<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
<IPProtocolSupport>IPv4</IPProtocolSupport>
<AutoReconnect UserControllable="false">true
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<AutoUpdate UserControllable="false">true</AutoUpdate>
<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
<PPPExclusion UserControllable="false">Disable
<PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
</PPPExclusion>
<EnableScripting UserControllable="false">false</EnableScripting>
<EnableAutomaticServerSelection UserControllable="false">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
<RetainVpnOnLogoff>false
</RetainVpnOnLogoff>
<AllowManualHostInput>true</AllowManualHostInput>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>Anyconnect</HostName>
<HostAddress>1.1.1.1</HostAddress>
<PrimaryProtocol>IPsec
<StandardAuthenticationOnly>false</StandardAuthenticationOnly>
</PrimaryProtocol>
</HostEntry>
</ServerList>
</AnyConnectProfile>
01-22-2019 01:04 AM
The idea is that in the dir from csr i can't find the xml file related to anyconnect. Is there another place were can i find it? The fact is that anyconnect is already present in the config for internal remote users over ipsec. In the dir i am searching for the xml but cannot find it. Any advice?
09-15-2019 12:11 PM
@curdubanbogdan were you able to resolve or got solution for CSR to allow RemoteDesktop users to utilize anyconnect client
09-16-2019 01:54 AM
Unfortunately no. I am still searching for a solution. I can't find the xml file in csr, like on the asa. The anyconnect still works as localusersonly.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: