Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1363
Views
0
Helpful
2
Replies

Locking down anyconnect client profile

wngwngwng
Level 1
Level 1

‎02-28-2012 08:59 AM - edited ‎02-21-2020 05:54 PM

I was wondering if there is a way to lock down the anyconnect profile on a clients machine.  Basically we are using certifcates to authenticate so the client can make a VPN connection.  We have enabled the certifcate match function to check for IPSec User Extended Match Key.  I can modify the XML on the client PC to bypass the check and authenticate.  We would like to keep users from doing that.  Is there something I can setup on the ASA versus the client to check the certificate or prevent the XML from being modified?

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

andrew.prince
Level 10
Level 10

‎02-28-2012 11:37 AM

You can disable the user from changing any settings in the XML profile

Sent from Cisco Technical Support iPad App

0 Helpful

wngwngwng
Level 1
Level 1
In response to andrew.prince

‎02-28-2012 12:09 PM

I went in and modified the xml and removed the following.  I was then able to make a connection without checking for the IPSecUser extended key usage.  I have 2 certs on my client.  One cert has the IPSecUser extended key usage and the other does not.

 

  

    IPSecUser

  

 

0 Helpful
Customers Also Viewed These Support Documents