Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Anyconnect client predeploy with IPSEC Only profile

Hello,

 

I seem to not be able to get an answer out of the TAC on this, I have an application where by I need to predeploy the anyconnect client for use with an ASA 5550, and I am not able to get it to work. The profile must be IPSEC only, there cannot be any https/SSL used at all for connection, discovery, setup or anything. https/ssl is blocked by default inbound, and having it changed is difficult. How can I create a VPN profile that does this, and copy it to a user system, along with teh Anyconnect client install. I am able to create and use a profile for the old Cisco VPN client.

 

Thanks in advance--Matt

1 REPLY
Hall of Fame Super Silver

You'd have to disable client

You'd have to disable client services for the connection profile. It would prevent you from pushing any profile updates, AnyConnect updates etc., but it will still work if you already have the desired AnyConnect software and profile on your clients.

Most importantly, the pre-deployed profile will need to denote:

     <PrimaryProtocol>IPsec</PrimaryProtocol>

This will allow you to follow the procedure in this document while skipping the bits about using SSL for the initial profile deployment (and subsequent updates).

69
Views
0
Helpful
1
Replies
CreatePlease to create content