We currently have a remote access VPN through an ASA 5515, and are currently using the legacy VPN client. As Cisco has retired this client, it has become more challenging to have it work with newer OSes. And on top of that, some of our users are using Mac OS computers. Therefore, I need to create a new profile to distribute with the AnyConnect Mobile client.
I have been reading the documentation for close to a week now, but still don't know where to start. The documentation states that a sample profile comes with the application, but I have checked all the directories but CAN'T locate this profile. However, I have found a profile with extension xsd (something like that)... I have tried to modify this file, but there is nowhere to add the password for the VPN group.
So if anyone, in here, has recently gone through creating a profile for AnyConnect... I will be grateful for some guidance.
The original poster needs to understand that using AnyConnect is quite different from using the traditional IPSec client that he is used to. One of the big differences is that the IPSec client is using ISAKMP and this requires the group ID and a password for the group which are stored in the PCF profile. This seems to be what he is looking for with AnyConnect. But AnyConnect, by default, is using SSL and does not use ISAKMP and so has no group ID and password to be configured. The profile that is used for AnyConnect is quite different from the PCF that he is used to.
Completely understand that you have the IPSec client currently, but you specifically state "... I need to create a new profile to distribute with the AnyConnect Mobile client." and that's what we're trying to help you with. There is an AnyConnect Profile Editor app that may help. Here's the download link (you do need CCO access).
I believe that the original poster has some expectations for the profile used with AnyConnect that cannot be achieved. Here is part of what he says in the original post: "I have tried to modify this file, but there is nowhere to add the password for the VPN group."
The PCF used with the original IPSec client did have fields for the group ID and password. That functionality does not exist (as far as I know) with AnyConnect. My experience with AnyConnect has been with the SSL VPN implementation, which clearly does not have the concept of group ID and password. The new versions of AnyConnect do support IKEv2 and IPSec. I am not clear whether they use the concept of group ID and password. Perhaps this is an option that the original poster might evaluate.
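Added example (not from any post in this thread, and not Cisco's code): a Python script that reads a legacy PCF and builds an AnyConnect profile server entry, listing the group ID and password fields that have no place in the new profile, as the replies above explain. The PCF key names, the AnyConnect element names and namespace, and the host vpn.example.com are assumptions or constructed values.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed sample PCF (legacy IPSec client profile); every value is a placeholder.
SAMPLE_PCF = """\
[main]
Description=Head office VPN
Host=vpn.example.com
AuthType=1
GroupName=EXAMPLE-GROUP
enc_GroupPwd=PLACEHOLDER
"""

# PCF keys holding the group ID and group password (assumed key names,
# lower-cased the way configparser stores them). They are not carried over.
GROUP_KEYS = ("groupname", "grouppwd", "enc_grouppwd")
# Namespace assumed to match what the Profile Editor writes.
NS = "http://schemas.xmlsoap.org/encoding/"


def pcf_to_anyconnect(pcf_text):
    """Return (profile_xml, dropped_keys) for the text of one PCF file."""
    pcf = configparser.ConfigParser(interpolation=None, strict=False)
    pcf.read_string(pcf_text)
    main = pcf["main"]
    host = main.get("Host", "").strip()
    if not host:
        raise ValueError("PCF has no Host entry")
    root = ET.Element("AnyConnectProfile", {"xmlns": NS})
    entry = ET.SubElement(ET.SubElement(root, "ServerList"), "HostEntry")
    # Display name shown to the user; fall back to the host itself.
    ET.SubElement(entry, "HostName").text = main.get("Description", host).strip() or host
    ET.SubElement(entry, "HostAddress").text = host
    # Report which group credentials were present and left behind.
    dropped = sorted(k for k in main if k in GROUP_KEYS and main[k].strip())
    return ET.tostring(root, encoding="unicode"), dropped


if __name__ == "__main__":
    xml_text, dropped = pcf_to_anyconnect(SAMPLE_PCF)
    print(xml_text)
    print("Not carried into the AnyConnect profile:", ", ".join(dropped))
```

The dropped list is a useful audit output during migration: every PCF that reports a group password held a shared secret on an endpoint, which the SSL-based profile no longer stores.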