Hi all,
I’m quite a new user to the Cisco Secure Client / AnyConnect VPN.
In total the company has 3 locations to which a VPN can be established. I would like to have all 3 of these connection profiles visible in the Connect List when you launch the VPN client.
So the dropdown would actually show:
vpnsite1.domain.com
vpnsite2.domain.com
vpnsite3.domain.com
In what file do I make that happen, or what is the best way to establish this?
Thanks!
You can have multiple servers on a single AnyConnect XML profile if the settings for those servers allow you to use the same settings defined in the XML.
You just need the server list to include all servers:
<ServerList>
  <HostEntry>
    <HostName>vpnsite 1</HostName>
    <HostAddress>vpnsite1.domain.com</HostAddress>
  </HostEntry>
  <HostEntry>
    <HostName>vpnsite 2</HostName>
    <HostAddress>vpnsite2.domain.com</HostAddress>
  </HostEntry>
  <HostEntry>
    <HostName>vpnsite 3</HostName>
    <HostAddress>vpnsite3.domain.com</HostAddress>
  </HostEntry>
</ServerList>
If these are for high availability you can configure them in the vpn profile.
If not you need 3 profiles that you need to deploy to the clients out of band. This way you can pick all of them from the dropdown.
As mentioned you will use (a single) AnyConnect Client Profile for this. Easiest to configure using ASDM. Very easy.
This is the way, but it needed to be on the backend (all three need the same profile) not the local client. If you patch your local .xml file it will be overwritten by the Profile served from the backend.
This is not for high availability, but for allowing VPN connection to the 3 different sites independently.
So indeed, ideally the end user should see all 3 connections in the dropdown.
When you say out of band, this means in a configuration file on the client PC?
Then you need 3 VPN config files, aka profiles. I meant that the VPN headend will not deploy them on connection (it can, but the user needs to know the connection parameters); instead you pre-deploy them with something (SCCM, script, etc.) to the user's PC.
Nope, that is not correct! You can have multiple entries in the drop-down menu, but all three backends should serve the same profile to the client.
Yeah, but if they need different settings for every headend they can't use it this way. Of course we don't know any details.
I have to correct myself. Yes, you are right. You can have different settings and profiles on each backend, but at least the server list should contain every one of the headends. So the profile would be overwritten on each connect to a different server.
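One way to check the point the thread ends on, that the profile served by each headend must list every headend, is to audit each profile's ServerList before deployment. This is an added example, not part of the original thread and not Cisco tooling; the function names and the sample profiles are constructed for illustration, and the hostnames are the placeholders used in the thread.

```python
import xml.etree.ElementTree as ET

# Headends every served profile must list (placeholder names from the thread).
EXPECTED = {"vpnsite1.domain.com", "vpnsite2.domain.com", "vpnsite3.domain.com"}

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def server_list(profile_xml):
    """Return [(HostName, HostAddress)] for each HostEntry in the profile."""
    root = ET.fromstring(profile_xml)
    entries = []
    for el in root.iter():
        if local(el.tag) != "HostEntry":
            continue
        # Only direct children, so nested backup-server addresses are ignored.
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        entries.append((fields.get("HostName", ""), fields.get("HostAddress", "")))
    return entries

def audit(profile_xml, expected=EXPECTED):
    """Report headends missing from the list and addresses listed twice."""
    addrs = [a.lower() for _, a in server_list(profile_xml)]
    dupes = sorted({a for a in addrs if addrs.count(a) > 1})
    missing = sorted(set(expected) - set(addrs))
    return {"missing": missing, "duplicates": dupes}

# Constructed sample: a profile where one HostAddress was copy/pasted twice,
# so the third site never appears in the drop-down after this profile is pushed.
SAMPLE_BAD = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
<ServerList>
 <HostEntry><HostName>vpnsite 1</HostName><HostAddress>vpnsite1.domain.com</HostAddress></HostEntry>
 <HostEntry><HostName>vpnsite 2</HostName><HostAddress>vpnsite2.domain.com</HostAddress></HostEntry>
 <HostEntry><HostName>vpnsite 3</HostName><HostAddress>vpnsite2.domain.com</HostAddress></HostEntry>
</ServerList>
</AnyConnectProfile>"""

# Constructed sample: the same profile with the third address corrected.
SAMPLE_GOOD = SAMPLE_BAD.replace(
    "vpnsite 3</HostName><HostAddress>vpnsite2", "vpnsite 3</HostName><HostAddress>vpnsite3")

if __name__ == "__main__":
    for name, xml in (("headend-A", SAMPLE_BAD), ("headend-B", SAMPLE_GOOD)):
        print(name, audit(xml))
```

Run it against the profile exported from each headend; any non-empty "missing" list means clients connecting to that headend will lose those entries when the profile is overwritten.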