cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4112
Views
0
Helpful
6
Replies

Create anyconnect pcf profile for ASA

HI all,

          We currently have a remote access VPN through an ASA 5515, and are currenly using the legacy VPN client. As Cisco has retired trhis client, and bit has ecome more challenging to have it to work with newer OSes. And on top of that, some of our users are using MAC OS computer. Therefore, i need to create new profile to distribute with the Anyconnect Mobile client.

I have been reading the documentation for close to a week now, but still don't know where to start. The documentation states that a sample profile comes with the application, but i have checked all the directory but CAN'T locate this profile. However, i have found a profile with extension xsd(something like that)... i have tried to modify this file, but there is nowhere to add the password for the VPN group.

So if anyone, in here, has recently gone through creating a profile for anycconnet... i will be greatfully for some guidance.

Thanks,

6 Replies 6

Please tell us what you wan't to acomplish. For basic AnyConnect-VPNs (at least with SSL/TLS) you don't need profiles at all.

For anythig regarding AnyConnect-profiles the Admin-Guide is the most importand source of information:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31.html

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

Collin Clark
VIP Alumni
VIP Alumni

The default profile is located at (Win7)

C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\AnyConnectProfile.xml

As Karsten noted, the Admin guide will help you customize as needed.

The original poster needs to understand that using AnyConnect is quite different from using the traditional IPSec client that he is used to. One of the big differences is that the IPSec client is using ISAKMP and this requires the group ID and a password for the group which are stored in the PCF profile. This seems to be what he is looking for with AnyConnect. But AnyConnect, by default, is using SSL and does not use ISAKMP and so has no group ID and password to be configured. The profile that is used for AnyConnect is quite different from the PCF that he is used to.

HTH

Rick

HTH

Rick

Thank you all for the replies... Rick is right,  as i clearly mentioned in the Original post, i have an ISAMKP remote access VPN in place. THis is not a SSL VPN...

Collin, i have double checked this directory and can't find this default profile. Maybe i need to un-install and reinstall the Annyconnect client.

Thanks,

Completely understand that you have the IPSec client currently, but you specifically state "... i need to create new profile to distribute with the Anyconnect Mobile client." and that's what we're trying to help you with. There is an Anyconnect Profile Editor app that may help. Here's the download link (you do need CCO access).

http://software.cisco.com/download/cart.html?imageGuId=5E340EACE7F627227A3640B538AFC81E3917744B&i=rs

I believe that the original poster has some expectations for the profile used with AnyConnect that can not be achieved. Here is part of what he says in the original post "i have tried to modify this file, but there is nowhere to add the password for the VPN group."

The PCF used with the original IPSec client did have fields for the group ID and password. That functionality does not exist (as far as I know) with AnyConnect. My experience with AnyConnect has been with the SSL VPN implementation, which clearly does not have the concept of group ID and password. The new versions of AnyConnect do support IKEv2 and IPSec. I am not clear whether they use the concept of group ID and password. Perhaps this is an option that the original poster might evaluate.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: