AnyConnect Client Profile updates the user's XML profile yet it does not work
I am using a Cisco ASA 5520 as an endpoint for an SSL VPN. Users are authenticating by a smart card certificate. Right now the users have to browse to the endpoint via the web because using the client directly will sometimes select the wrong certificate on the card.
I have created an XML profile and assigned the appropriate tunnel group to it. The option for automatic cert selection is set to false.
Now when the user uses the AnyConnect client directly they do indeed download the profile (you can manually check it in the local directories).
The problem is the next time the user tries to establish a connection with the client directly, it is as if it has never received the profile update (it reverts), almost as if there is some sort of local override.
Once again, I can verify that the client is indeed receiving the profile from the ASA. In fact, after the connection is underway, when you click on the user options the autoconnect feature is there. (It's too late at this point because this is the first time around and a cert has already been selected because of this setting in the default profile.)
The problem is it won't save this profile to use the next time.
I have even tried manually editing the profile locally on the user's PC and it still will not use the settings I set and it reverts.
This is a little odd to me and I have read all of Cisco's documentation on AnyConnect client profiles.
Does anyone know what could be wrong or have any insight?
Re: Anyconnect Client Profile updates the users XML profile yet
Have you made sure that in the "" section of the profile, you are specifying the correct DNS\IP of the ASA to which the users are connecting?
After the first attempt, do you see the XML profile downloaded on the PC?
If the answer to both of the above is 'Yes', then after the first connect and after the profile is downloaded, exit out of the AnyConnect Client GUI. Clear the Event Viewer logs for AnyConnect. Start AnyConnect again and then go through the Event Viewer logs; they should point you in the right direction on why it is unable to read the downloaded profile (e.g. XML parsing error etc.).
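The checks discussed in this thread can also be run offline against the downloaded profile file. The following is an added example, not code from either poster or from Cisco; it assumes the AnyConnect profile element names `AutomaticCertSelection`, `ServerList`, `HostEntry`, `HostName` and `HostAddress`, and uses a constructed sample profile with the placeholder host `vpn.example.com`.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile (not from the thread). Element names are an
# assumption based on the AnyConnect profile schema.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutomaticCertSelection UserControllable="true">false</AutomaticCertSelection>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Corp VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>"""


def local(tag):
    """Strip the XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def check_profile(xml_text, connect_host):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        # Same class of failure the client would log as an XML parsing error.
        return [f"XML parsing error: {exc}"]
    elems = {}
    for el in root.iter():
        elems.setdefault(local(el.tag), []).append((el.text or "").strip())
    findings = []
    auto = elems.get("AutomaticCertSelection")
    if not auto:
        findings.append("AutomaticCertSelection is not present in the profile")
    elif auto[0].lower() != "false":
        findings.append(f"AutomaticCertSelection is {auto[0]!r}, expected 'false'")
    hosts = {h.lower() for h in elems.get("HostAddress", []) + elems.get("HostName", [])}
    if connect_host.lower() not in hosts:
        findings.append(f"{connect_host} does not match any HostEntry: {sorted(hosts)}")
    return findings


if __name__ == "__main__":
    for line in check_profile(SAMPLE_PROFILE, "vpn.example.com") or ["no findings"]:
        print(line)
```

To use it on a real client, read the downloaded profile file into a string and pass the exact name or address the user types into the client as `connect_host`.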