Does anyone know how to pre-populate the VPN Url that is needed for using Cisco Anyconnect?
It seems that i have to manually enter in the VPN Url with every fresh install.
Or, maybe i’m approaching this the wrong way and need to use something else other than SCCM?
Once you have your connections configured on a working system, pull Preferences.xml from C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile, and copy that as part of your install.
You can place any number of profile XML files in the %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile folder to load in. The Preferences_global would let you specify which is the default. You could include that with your AnyConnect deployment, or manage it through compliance setting or policy.
Here’s a sample profile XML file you can fill in with the options you want
Use Cisco’s tool to build a profile and deploy it with your VPN install.
God, I remember struggling with this and configuring the NAM client for so freakin long. I feel your pain.
Everyone else in here is absolutely correct, but if you’re looking for a method in which to copy that file into the appropiate directory (other than a simple batch file), check out the Powershell App Deployment Toolkit.
When I was packaging this, I also wrote a function (I can dig up if you’re interested) that detects if AnyConnect is currently connected and, if so, will delay the install.
Here is my batch file I use to install AnyConnect (deployed as an application). Waiting on our Networking department to provide me current version files.
start /wait msiexec /i "%~dp0\anyconnect-win-4.2.01035-pre-deploy-k9.msi" /qb /norestart /passive
start /wait msiexec /i "%~dp0\anyconnect-dart-win-4.2.01035-k9.msi" /qb /norestart /passive
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\vpn.<redacted>.com.xml" copy /y "%~dp0\vpn.<redacted>.com.xml" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"
if not exist "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\vpn-dr.<redacted>.com.xml" copy /y "%~dp0\vpn-dr.<redacted>.com.xml" "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"
This. Also other files and/or settings. Hekc, make them compliance baselines so they self-correct your existing environment as well
This is what we do. Works well, unlike AnyConnect.
Sorry, i have close to zero experience with Cisco VPN setup but are you saying there is some sort of console or setting where an admin can create a profile to add the VPN url by default with the VPN Software Install or something similar?
wait… so there is a Cisco Tool that can create a profile and be part of the VPN install?
Do you have any reading material for this??? I don’t mess much with the Cisco VPN stuff so my knowledge of how it works or other tools at disposal is close to zero so i appreciate any help and your patience.
oh ok cool i appreciate that script! I"m guessing the “%~dp0\vpn..com.xml” is a vpn profile created by the network team or is it something you created an populate on your own separate from them? I"m trying to get an idea of what all is needed on my side and what needs to be done by them in a way. Thanks for the help and time!
There are two ways. You can do it from the ASDM or you can do it with their standalone editor. Go to the cisco site and look at your anyconnect downloads. The big zip file will contain the standalone profile editor. If you don’t have a cisco login, but your network admin a beer and tell him to download it for you and provide it.
I used the predeploy package and installed via SCCM. The first step was to install the anyconnect VPN, the second would drop the XML in the right location (%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile). At next reboot, the anyconnect client will use that profile.
It’s been years since I did any of this, but I THINK the part of the XML you need is as follows:
yourASAhostname vpn.whatever.comHere is a guide to the XML itself.
The xml files (1 is our primary connection - the other is to our DR site) were both created by our Networking department. Our main xml file is 58 lines in length. In it, you can specify the somename.domain.com