Cisco Support Community
New Member

Locking down AnyConnect client profile

I was wondering if there is a way to lock down the AnyConnect profile on a client's machine. Basically, we are using certificates to authenticate so the client can make a VPN connection. We have enabled the certificate match function to check for IPSec User Extended Match Key. I can modify the XML on the client PC to bypass the check and authenticate. We would like to keep users from doing that. Is there something I can set up on the ASA versus the client to check the certificate or prevent the XML from being modified?

Thanks in advance.


Re: Locking down AnyConnect client profile

You can disable the user from changing any settings in the XML profile.

Sent from Cisco Technical Support iPad App

New Member

Locking down AnyConnect client profile

I went in and modified the XML and removed the following. I was then able to make a connection without checking for the IPSecUser extended key usage. I have 2 certs on my client. One cert has the IPSecUser extended key usage and the other does not.





