11-29-2010 08:37 AM - edited 02-21-2020 04:59 PM
I have one issue remaining on my anyconnect client 2.5.2006. The username in the dialog box is cached. We do not want it to be cached and have users enter their username each time.
Shilpa Gupta Mentioned this on another post of mine. Just wondering if anyone has any other thoughts! The 2.5.2006 client resolved another issue I was having so going back to 2.4 is not an option at this point.
For clearing up the credentials in the dialog box when using AnyConnect I found one of the bug:-
CSCsx76993
Symptom:
User credentials are cached in preferences.xml file when using Anyconnect client. So when they relaunch Anyconnect, the username appears in the client.
Conditions:
This is seen in all anyconnect clients. This is a configurable option in the IPSec client.
Workaround:
Currently there is no workaround
And i can see it is resolved in 2.4.202 however i am not sure if its resolved in 2.5 also. For this i would like to hear from others.
Regards,
Shilpa
Solved! Go to Solution.
11-29-2010 11:53 AM
Hi,
All bugfixes and new features in 2.4.x are also in 2.5.
However the 'bug' Shilpa pointed to, is not really a bug but an enhancement request, in other words in 2.3 and earlier the username being cached was expected behavior, and it is still the default behavior in the 'fixed' versions, so simply upgrading will not change anything. What changed is that now you can modify the behavior by setting a new parameter RestrictPreferenceCaching in the local policy file :
So adding e.g.
to your local policy should achieve what you want.
hth
Herbert
11-29-2010 11:53 AM
Hi,
All bugfixes and new features in 2.4.x are also in 2.5.
However the 'bug' Shilpa pointed to, is not really a bug but an enhancement request, in other words in 2.3 and earlier the username being cached was expected behavior, and it is still the default behavior in the 'fixed' versions, so simply upgrading will not change anything. What changed is that now you can modify the behavior by setting a new parameter RestrictPreferenceCaching in the local policy file :
So adding e.g.
to your local policy should achieve what you want.
hth
Herbert
11-29-2010 07:16 PM
Thanks Herbert that did it.
I modified the local xml and poof no more cached credentials.
If I read the article correctly this cannot be pushed down by the asa. I am going to have to do it through our software delivery system. It would be nice if it was in the profile that gets pulled down by the asa.
Purhaps in future releases.
Once again thank you for your quick and informative reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide