cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1525
Views
0
Helpful
3
Replies

VPN AnyConnect Pre-deployment Configuration

JohnNetEng
Level 1
Level 1

Is it possible with the Anyconnect predeployment tool to uncheck the "Block connections to untrusted servers" in the MSI for AnyConnect secure mobility client version 3.1.05152 so that it gets pushed out to endusers this way?

3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

It's part of the AnyConnect global local policy xml file. You can opt to deploy that (and any connection profiles) along with the msi which installs the other application bits.

You can create it on the ASA using ASDM and manually copy if off into your deployed package or use the standalone AnyConnect Profile Editor - VPN Local Policy component in this case. Unchecking the "Strict Certificate Trust" is the box that changes the client behavior the way you asked. that translates to a line in the file like this:

<StrictCertificateTrust>false</StrictCertificateTrust>

 

Hi Marvin,

There seems to be no Strict Certificate Trust-box or option in the VPN Editor standalone.exe or in the ASA 9.8.4.15/ ASDM 7.15.1.150 Anyconnect client 4.9.06037. I can't get this tick box to show in anyconnect preferences, if the certificate expires no work around is available.

bleuangel
Level 1
Level 1

Hello,

 

Can I ask where can I download the Anyconnect client 64 bit version .msi package for Windows?

 

Appreciate your help.

 

Thanks! :)