AnyConnect client profiles are downloaded to clients along with the VPN AnyConnect client software. These profiles define many client-related options, such as auto-connect on startup and auto-reconnect, and whether the end-user can change the option from the AnyConnect client preferences and advanced settings.
If you configure a fully-qualified hostname (FQDN) for the outside interface when configuring the remote access VPN connection, the system creates a client profile for you. This profile enables the default settings. You must create and upload VPN AnyConnect client profiles only if you want non-default behavior. Note that client profiles are optional: if you do not upload one, AnyConnect clients will use default settings for all profile-controlled options.
Note: You must include the FTD device’s outside interface in the VPN profile’s server list for the AnyConnect client to display all user-controllable settings on the first connection. If you do not add the address or FQDN as a host entry in the profile, then filters do not apply for the session. For example, if you create a certificate match and the certificate properly matches the criteria, but you do not add the device as a host entry in that profile, the certificate match is ignored.
You can also create AnyConnect client profile objects while editing a profile property by clicking the Create New AnyConnect Client Profile link shown in the object list.
Before you begin
Before you can upload VPN AnyConnect client profiles, you must do the following.
- Download and install the stand-alone AnyConnect “Profile Editor - Windows / Standalone installer (MSI).” The installation file is for Windows only and has the file name anyconnect-profileeditor-win-<version>-k9.msi, where <version> is the AnyConnect version. For example, anyconnect-profileeditor-win-4.3.04027-k9.msi. You must also install Java JRE 1.6 (or higher) before installing the profile editor. Obtain the AnyConnect profile editor from https://software.cisco.com/download/home/283000185 in the AnyConnect Secure Mobility Client category.
- Use the profile editor to create the profiles you need. You should specify the hostname or IP address of the outside interface in the profile. For detailed information, see the editor’s online help.
The following procedure explains how you can create and edit objects directly through the Objects page:
Create an AnyConnect Client Profile Object
- In the CDO navigation bar at the left, click Objects.
- Click the blue plus button.
- Click FTD > AnyConnect Client Profile.
- In the Object Name field, enter a name for the AnyConnect client profile.
- Click Browse and select the file you created using the Profile Editor.
- Click Open to upload the profile.
- Click Add to add the object.