cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
975
Views
0
Helpful
13
Replies

RDP CSR1000V allow remote vpn users

curdubanbogdan
Level 1
Level 1

Following this link https://community.cisco.com/t5/vpn-and-anyconnect/anyconnect-2-3-254/td-p/1158863 . Do i am trying to do the same thing with CSR1000V but with no use.  Can you please help me with some indications?

13 Replies 13

Regards to CSR1000V anyconnect check this document

 

https://community.cisco.com/t5/security-documents/configure-sslvpn-on-cisco-cloud-services-router-1000v-csr1000v/ta-p/3156679

please do not forget to rate.

What i need:

 

I added in the profile from anyconnect 

<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>

 

What i want is the proper config in the CSR to make this statement work so i can connect remotely from my pc from home on the laptop from work and use anyconnect on our customer vpn that has ipsec. Is there any solution?

oh. I see. why dont you use vASA and use anyconnect with it

 for your problem you need to modify the xml in order to work.

please do not forget to rate.

Because our customer doesn't have ASA.

@Mohammed al Baqarithe gentleman requirement is different. he is asking for "the dir i am searching for the xml"

please do not forget to rate.

Sorry if i didn't make it clearer. The anyconnect is already configured on the CSR, but only local users can connect. I am searching for the xml anyconnect file in the flash of the CSR and unfortunately can't find it. Do you know if i can add it or if there is any other metod for csr?

balaji.bandi
Hall of Fame
Hall of Fame

Adding to other post...can you explian where is this CSR1000v, is this in LAB or in real Environment ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Real enviroment:

 

I need a flex vpn like on this ASA but for CSR:

 

webvpn
enable Internet
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-4.0.00061-k9.pkg 1 regex "Windows NT"
anyconnect image disk0:/anyconnect-linux-64-4.0.00061-k9.pkg 2 regex "Linux"
anyconnect image disk0:/anyconnect-macosx-i386-4.0.00061-k9.pkg 3 regex "Intel Mac OS X"
anyconnect profiles any disk0:/any.xml
anyconnect enable
tunnel-group-list enable

ciscoasa# more disk0:/any.xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
<AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
<ShowPreConnectMessage>false</ShowPreConnectMessage>
<CertificateStore>All</CertificateStore>
<CertificateStoreOverride>false</CertificateStoreOverride>
<ProxySettings>Native</ProxySettings>
<AllowLocalProxyConnections>true</AllowLocalProxyConnections>
<AuthenticationTimeout>12</AuthenticationTimeout>
<AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
<MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
<LocalLanAccess UserControllable="true">false</LocalLanAccess>
<ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
<IPProtocolSupport>IPv4,IPv6</IPProtocolSupport>
<AutoReconnect UserControllable="false">true
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<AutoUpdate UserControllable="false">true</AutoUpdate>
<RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
<AutomaticVPNPolicy>false</AutomaticVPNPolicy>
<PPPExclusion UserControllable="false">Disable
<PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
</PPPExclusion>
<EnableScripting UserControllable="false">false</EnableScripting>
<EnableAutomaticServerSelection UserControllable="false">false
<AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
<AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
</EnableAutomaticServerSelection>
<RetainVpnOnLogoff>false
</RetainVpnOnLogoff>
<AllowManualHostInput>true</AllowManualHostInput>
</ClientInitialization>
<ServerList>
<HostEntry>
<HostName>Adrem</HostName>
<HostAddress>vpn.adrem.ro</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

 

The equivalent for CSR?

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
    <ClientInitialization>
        <UseStartBeforeLogon UserControllable="true">false</UseStartBeforeLogon>
        <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
        <ShowPreConnectMessage>false</ShowPreConnectMessage>
        <CertificateStore>All</CertificateStore>
        <CertificateStoreOverride>false</CertificateStoreOverride>
        <ProxySettings>Native</ProxySettings>
        <AllowLocalProxyConnections>true</AllowLocalProxyConnections>
        <AuthenticationTimeout>12</AuthenticationTimeout>
        <AutoConnectOnStart UserControllable="true">false</AutoConnectOnStart>
        <MinimizeOnConnect UserControllable="true">true</MinimizeOnConnect>
        <LocalLanAccess UserControllable="true">false</LocalLanAccess>
        <DisableCaptivePortalDetection UserControllable="true">false</DisableCaptivePortalDetection>
        <ClearSmartcardPin UserControllable="true">true</ClearSmartcardPin>
        <IPProtocolSupport>IPv4</IPProtocolSupport>
        <AutoReconnect UserControllable="false">true
            <AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
        </AutoReconnect>
        <AutoUpdate UserControllable="false">true</AutoUpdate>
        <RSASecurIDIntegration UserControllable="false">Automatic</RSASecurIDIntegration>
        <WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
        <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
        <AutomaticVPNPolicy>false</AutomaticVPNPolicy>
        <PPPExclusion UserControllable="false">Disable
            <PPPExclusionServerIP UserControllable="false"></PPPExclusionServerIP>
        </PPPExclusion>
        <EnableScripting UserControllable="false">false</EnableScripting>
        <EnableAutomaticServerSelection UserControllable="false">false
            <AutoServerSelectionImprovement>20</AutoServerSelectionImprovement>
            <AutoServerSelectionSuspendTime>4</AutoServerSelectionSuspendTime>
        </EnableAutomaticServerSelection>
        <RetainVpnOnLogoff>false
        </RetainVpnOnLogoff>
        <AllowManualHostInput>true</AllowManualHostInput>
    </ClientInitialization>
    <ServerList>
        <HostEntry>
            <HostName>Anyconnect</HostName>
            <HostAddress>1.1.1.1</HostAddress>
            <PrimaryProtocol>IPsec
                <StandardAuthenticationOnly>false</StandardAuthenticationOnly>
            </PrimaryProtocol>
        </HostEntry>
    </ServerList>
</AnyConnectProfile>

please do not forget to rate.

The idea is that in the dir from csr i can't find the xml file related to anyconnect. Is there another place were can i find it? The fact is that anyconnect is already present in the config for internal remote users over ipsec. In the dir i am searching for the xml but cannot find it. Any advice?

@curdubanbogdan were you able to resolve or got solution for CSR to allow RemoteDesktop users to utilize anyconnect client

Unfortunately no. I am still searching for a solution. I can't find the xml file in csr, like on the asa. The anyconnect still works as localusersonly.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: