cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
38023
Views
5
Helpful
11
Replies

VPN Host address

Isaac ...
Level 1
Level 1

Hi,

Sorry if this has already been asked before.

We have the Cisco anyconnect VPN client installed for our users.

We are looking for a way so our users can just click on the VPN client and connect without having to type in host addresses or select groups.

Obviously they will need to type in a user name and password to login.

What options do we have to do this?

Thanks

Isaac

1 Accepted Solution

Accepted Solutions

Isaac

If you are installing the AnyConnect client manually, then if you get a profile you could manually copy the profile to the correct directory.

HTH

Rick

HTH

Rick

View solution in original post

11 Replies 11

nspasov
Cisco Employee
Cisco Employee

You will need to configure and deploy the AnyConnect profile. For more info on that please check out the following links:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/administration/guide/b_AnyConnect_Administrator_Guide_4-3/customize-localize-anyconnect.html

https://supportforums.cisco.com/discussion/11496576/multiple-client-profiles-anyconnect

I hope this helps!

Thank you for rating helpful posts!

Isaac

I agree that what you want to do is to implement the XML profile for AnyConnect. It is optional to use the profile and many people implement AnyConnect without using the profile. But one of the nice things that the profile gives you is the ability for AnyConnect to remember the name/IP of the VPN head end so that users do not have to type that in.

HTH

Rick

HTH

Rick

I’m struggling to find answers to some questions.

What I've managed to do so far...

By creating a new profile XML file with the following will add new connections to the VPN found in the location “C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile”

This will set a default host address and host name for all users.

<?xml version="1.0" encoding="UTF-8"?>

<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">;

  <ServerList>

    <HostEntry>

      <HostName>TEST</HostName>

      <HostAddress>x.x.x.57</HostAddress>

    </HostEntry>

  </ServerList>

</AnyConnectProfile>

You can make several hosts using this method, each new host will need to be saved in the location with a different file name.

To change the default group (AD/Customers/Staff/Suppliers) and username you will need to edit the preferences file found at: “C:\Users\user.name\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client”.

 

Which is all fine, simple to understand.

I do not have access to the ASA or ASDM or any software from cisco. So I’m a little confused as to how the ASDM makes profiles for users? How does it push the host name and address to the client and what’s the difference between ASA and ASDM? It’s a little vague while trying to research this.

 

Also can installs of the AnyConnect Secure Mobility Client be customised to automatically use a specified host address? Is this done using a transform file?

 

Any help clearing up these questions would be greatly appreciated.

 

Thanks

Isaac.

 

Isaac

ASA is the device that can process sessions for the AnyConnect Remote Access VPN client.

ASDM is the GUI that can be used to manage and configure the ASA.

It is possible to specify more than one host in the profile. You do not require a separate profile for each host, though you could do that if there was some reason that you would want to.

Typically the profile is created by the administrator of the ASA to which the clients will connect and the profile is downloaded to the client by the ASA as part of establishing the AnyConnect session. If you do not have the ASA then perhaps you can discuss with the administrator who does have that ASA about creating a profile for you. But if that is not possible then there is a standalone profile editor available from Cisco. And in the worst case it is possible to use a text editor and to create the profile manually (I did that the first time I implemented AnyConnect and then discovered how much better it was to use the tool designed for the profile).

HTH

Rick

HTH

Rick

Hi Richard,

 

Thanks for the reply, what if the user hasn’t used the vpn client? Wouldn’t it will be blank without a host address till the first established a connection to the ASA? Or does the ASDM push out the details of host address etc using some sort of policy?

 

We want to make it easy for our users just to click on the VPN client and click connect and then type a password.

 

I don’t have access to the ASDM or Profile editor, but I want to be able to go back to my manger with at least some information on how we should proceed.

 

Thanks for the reply it’s appreciated.

 

 Isaac

Isaac

In normal practice if a user has not yet used AnyConnect then the profile will not exist on their PC (not a blank profile but no profile). When the user connects with AnyConnect to an ASA which uses the profile then the profile will be downloaded to the PC.

ASDM may be used to create the profile but does not play any role in distributing the profile. Distribution is done by the ASA (or can be done manually by the PC administrator - as seems to be the case for you).

Normally the AnyConnect client (and profile if configured) are downloaded to the PC from the ASA when the user makes the initial connection. If you do not have an ASA then can you tell me how the AnyConnect client is loaded on your user PCs?

HTH

Rick

HTH

Rick

We installed the client manually from the MSI file on each indivdual computer.

Isaac

If you are installing the AnyConnect client manually, then if you get a profile you could manually copy the profile to the correct directory.

HTH

Rick

HTH

Rick

Hi Richard.

I think we are going with that option, as it seems the easiest route to streamline the VPN for our users.

Thanks for your help on this matter, its appreciated.

Isaac.

Isaac

I am glad that my suggestions have been helpful. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify discussions which have helpful information.

HTH

Rick

HTH

Rick

Excellent thanks for the replies. I'll look into those articles.

Isaac.