windows 7 - Cisco AnyConnect Profile Keeps Getting Overwritten

27
2013-10
  • Kingamoon

    I'm using Cisco AnyConnect 3.1.04059 (on a Windows 7 - I'm an admin) to connect to work's VPN. I have located the profile that is stored locally that's being used by the client. But when I make modifications to it (like disabling it from starting before logging in), those modifications get overwritten right after a connection is established. How can I prevent that from happening?

    • Answers
  • one.time

    The fields within the locally stored AnyConnect profile .xml do not reflect local changes made to user controllable preferences.

    Cisco AnyConnect profile:

    When an endpoint connects to an ASA using the Cisco AnyConnect Secure Mobility Client, the profile that is stored locally is either merged with updates made to the ASA, or a new file is added if the .xml file is missing/removed. The settings within this .xml are not designed to be locally editable and will be overwritten, with the profile that is configured on the ASA, upon successfully connecting. The location of the AnyConnect profile varies by OS, but the location for Windows 7 is:

    %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\name.xml

    Cisco AnyConnect preferences:

    However, there are user editable preferences that can be modified within the Cisco AnyConnect Secure Mobility Client's UI. The changes made in the UI are stored in a separate .xml file. The location of the user editable preference file varies by OS, but the location for Windows 7 is:

    C:\Users\username\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml

    enter image description here

    Reference: AnyConnect 3.0 Administration Guide


    • Related Question

    Configuring Windows VPN Connection from Cisco AnyConnect
  • Oliver Hanappi

    I don't know if it is possible but I would like to configure a Windows 7 VPN connection in a way that I can connect to a network which I normally reach by using Cisco AnyConnect VPN Client. Does Cisco use a protocol which Windows 7 understands also and where can I find the configuration details of the VPN connection?

    If you wonder why I'm trying to do this: I need to connect via VPN to several different networks from different companies/organizations/universities and each one uses its own VPN client. I don't want my computer to have 5 VPN clients installed, therefore I'm trying to replace them with simple Windows VPN connections.


    • Related Answers
  • Joey

    That greatly depends on the configuration of the server. Cisco Concentrators can speak PPTP which works on nearly every version of Windows, but it's costly in terms of performance. The number of possible connections drops to about a tenth for the server so this is rarely activated.

    Furthermore there seems to be an option to enable L2TP. The documentation states that but at least for our university here no one figured out how to enable it and set it up.

    You would have to ask the person maintaining the server whether one of the above options apply.

    For the "usual" Cisco IPSec over UDP there is no native option in Windows, unfortunately.