Skip to main content

 

 

Cisco Defense Orchestrator

Upload RA VPN AnyConnect Client Profile

The Remote Access VPN AnyConnect Client Profile is a group of configuration parameters stored in a file. There are different AnyConnect client profiles containing configuration settings for the core client VPN functionality and for the optional client modules Network Access Manager, AMP Enabler, ISE posture, Network Visibility, Customer Feedback Experience profiles, Umbrella roaming security, and Web Security.

CDO allows uploading of these profiles as objects which can be used in the group policy later. 

  • AnyConnect VPN Profile — AnyConnect client profiles are downloaded to clients along with the VPN AnyConnect client software. These profiles define many client-related options, such as auto-connect on startup and auto-reconnect, and whether the end-user can change the option from the AnyConnect client preferences and advanced settings. CDO supports the XML file format.
  • AMP Enabler Service Profile — The profile is used for the AnyConnect AMP Enabler. The AMP Enabler and this profile are pushed to the endpoints from FTD when a remote access VPN user connects to the VPN. CDO supports XML and ASP file formats.
  • Feedback Profile — You can add a Customer Experience Feedback profile and select this type to receive information about the features and modules customers have enabled and used. CDO supports the FSP file format.
  • ISE Posture Profile — Choose this option if you add a profile file for the AnyConnect ISE Posture module. CDO supports XML and ISP file formats.
  • Network Access Manager Service Profile — Configure and add the NAM profile file using the Network Access Manager profile editor. CDO supports XML and NSP file formats.
  • Network Visibility Service Profile — Profile file for AnyConnect Network Visibility module. You can create the profile using the NVM profile editor. CDO supports XML and NVMSP file formats.
  • Umbrella Roaming Security Profile — You must select this file type if you deploy the Umbrella Roaming Security module. CDO supports XML and JSON file formats.  
  • Web Security Service Profile — Select this file type when you add a profile file for the Web security module. CDO supports XML, WSO, and WSP file formats.
Before you begin

Use the suitable GUI-based AnyConnect profile editors to create the profiles you need. You can download the profile editors from Cisco Software Download Center in the AnyConnect Secure Mobility Client category and install the AnyConnect “Profile Editor - Windows / Standalone installer (MSI).” The profile editor installer contains stand-alone versions of the profile editors. The installation file is for Windows only and has the file name anyconnect-profileeditor-win-<version>-k9.msi, where <version> is the AnyConnect version. For example, anyconnect-profileeditor-win-4.3.04027-k9.msi. You must also install Java JRE 1.6 (or higher) before installing the profile editor.

Except for the Umbrella Roaming Security profile editor, the Cisco AnyConnect Secure Mobility Client software package contains all the profile editors required for creating the AnyConnect profiles. For detailed information, see the AnyConnect Profile Editor chapter in the appropriate release of the Cisco AnyConnect Secure Mobility Client Administrator Guide for details.

You need to download the AnyConnect Roaming Security profile separately from the Umbrella dashboard. For detailed information, see the "Download the AnyConnect Roaming Security Profile from the Umbrella Dashboard" section of the "Umbrella Roaming Security" chapter in the Cisco Umbrella User Guide.

  1. Navigate to Deployments > Core Identities > Roaming Computers and click Roaming Client.
  2. Under AnyConnect Umbrella Roaming Security Module, click Download Module Profile to download the OrgInfo.json file.
  3. In the CDO navigation bar at the left, click Objects.
  4. Click the blue plus blue_cross_button.png button.
  5. Click RA VPN Objects (ASA & FTD) > AnyConnect Client Profile.
  6. In the Object Name field, enter a name for the AnyConnect client profile. 
  7. From the File Type list, select a profile type you want and click Browse to navigate to the location for choosing the client image to be uploaded.
  8. Click Open to add the profile.
  9. Click Add to upload the selected AnyConnect profile to CDO.
Next Steps

Associate the client modules with the AnyConnect VPN profile in the RA VPN group policies window. See Create New ASA RA VPN Group Policies and Create New FTD RA VPN Group Policies.

Note: The client module association is supported by all ASA versions and FTD running software version 6.7 or later.