I am using a Cisco ASA 5520 as an endpoint for an SSL VPN. Users are authenticating by a smart card certificate. Right now the users have to browse to the endpoint via the web, because using the client directly will sometimes select the wrong certificate on the card.
I have created an XML profile and assigned the appropriate tunnel group to it. The option for automatic cert selection is set to false.
Now when the user uses the AnyConnect client directly, they do indeed download the profile (you can manually check it in the local directories).
The problem is that the next time the user tries to establish a connection with the client directly, it is as if it has never received the profile update (it reverts), almost as if there is some sort of local override.
Once again, I can verify that the client is indeed receiving the profile from the ASA. In fact, after the connection is underway, when you click on the user options the autoconnect feature is there. (It's too late at this point, because this is the first time around and a cert has already been selected because of this setting in the default profile.)
The problem is it won't save this profile to use the next time.
I have even tried manually editing the profile locally on the user's PC, and it still will not use the settings I set, and it reverts.
This is a little odd to me, and I have read all of Cisco's documentation on AnyConnect client profiles.
Does anyone know what could be wrong or have any insight?