AnyConnect on 2 different Firewalls

Hello

I'm doing the design of network with 2 firewalls. I have 2 firewalls, directly connected to the same ISP. I want to configure my Anyconnect VPN client.

Design is like.

Firewall-

INTERNET SERVICE PROVIDER

Firewall-

The firewall is in Active mode and standby.

1. can I configure anyconnect so that if 1 link to ISP fails anyconnect Client automatically moves to the second firewall. ?

If Yes, what is the way to do it. ?

Assuming that we are talking about Cisco ASA firewall...

A pair of High Availability (HA) presents a single IP address for external clients. This address will move one firewall to another when a failover event occurs. The event of failover may be triggered by the State and the accessibility of a given interface.

So if the link fails, failover occurs and the standby firewall is enabled. Seen by the clients IP address remains the same and the firewall newly active seamlessly continue to carry customer VPN remote access sessions.

Tags: Cisco Security

Similar Questions

  • ASA5512X Anyconnect & harmony from Site to Site

    When I set up the Cisco Anyconnect client on our firewalls ASA5512X, I configured the tunneling split and said tunnel of the scope of our internal network.  Here, my thought was that all internet traffic is wrong in the tunnel... only internal traffic that was bound for the network.

    Since configuration AnyConnect (which works fine BTW), we needed to configure a site to site VPN tunnel in Amazon AWS.  I've muddled through the AWS documentation and was able to make the tunnel of a Site to work, so now each tunnel co-exist with enough happiness... it is as long as I am internal to the network.

    So, that's where the problem... when I connect to the AnyConnect client, access internal network resources... no problem.  However, I can't access the resources in the Amazon AWS cloud.  I suspected that my split tunneling was to blame, then I went back and the AWS beaches added to the list of networks of tunnel.  Unfortunately, this does not always work.

    So... is this still possible?  It seems to me that there should be a domestic channel that I can configure on the SAA who are moving the traffic to 172,16 addresses the connection AnyConnect and return on the AWS IPSec tunnel.

    Does anyone have experience with this?  9.1.3 a lack on our 5512 X if that makes a difference.

    Thanks in advance!

    Nate

    Maybe you are missing just the following command:

     same-security-traffic permit intra-interface

  • 2.5.2019 - SSL certificate incompatibility AnyConnect

    Hi all

    When I try to connect using autonomous Anyconnect (and not via the web), I got the SSL error message "the displayed certificate does not match the name of the site you are trying to view" (attached).

    The certificate I have installed for SSL connection on the external interface got CN = testvpn.mydomain of subject and subject Alternative Name (SAN)--> DNS name = testvpn.mydomain

    It seems to me that the place to connect to testvpn.mydomain, anyconnect try to connect to the IP address. I tried to remove the IP address in the list of servers in the profile, but it still does not work.

    If I use Clientless (via browser), I only received this error which means the certificates installed correctly.

    Is this a bug on anyconnect 2.5.2019 or are there other ways to force anyconnect to check the name instead of the IP against the certificate?

    Thank you

    Hello Lam,

    It's great that it works very well now, so let me explain what was going on, you saw the right cert warning via Anyconnect due to the profile of xml you had deployed which included the period of INQUIRY, the machine you were experimenting with downloaded this xml file and whenever you tried to connect the warning was poping up even after the removal of the IP from the list of servers on the SAA, what happens is that you probably just the changed file and continued using the same name for the profile. If you change the profile and re - use the same name, you will need to rerun the command "" disk0 profiles LAM-XML-PROFILE of svc: / LAM - PROFILE .xml ' otherwise, the old profile even in memory and will be reused. " Once you have updated the profile and you reconnect the Anyconnect client, the new profile will be uploaded but here is the catch - you must get out of the client Anyconnect to see differently the new information, it appears that the profile has not been updated.

    Hope that clarifies the issue.

    Kind regards

  • Unable to send mail via exchange server with Version 38.0.1 - password problems

    Last week, when my computer desktop auto-upgraded to 38.0.1, he lost the ability to send mail with SMTP. (It always returns an error message saying that the password is not recognized). I went around and with the administration of the server, and they are sure that the problem is on my end. All server settings are correct, according to the administration of the server and, in any case, I do not change them what has worked with earlier versions of this morning, I finally had to restart Thunderbird on my home computer. I tested the Version 31 immediately before restart - it worked. Then I tried the Version 38.0.1 immediately after the restart, - it did not work.

    I have disabled the firewall on the computer, but it made no difference. Both computers running all Windows 64-bit both 8.1; they have two different firewalls.

    I pasted in the troubleshooting information in Thunderbird below.

    Thank you
    The f

     Application Basics

       Name: Thunderbird
   Version: 38.0.1
   User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
   Profile Folder: Show Folder

                 (Local drive)
   Application Build ID: 20150608103712
   Enabled Plugins: about:plugins
   Build Configuration: about:buildconfig
   Memory Use: about:memory

     Mail and News Accounts
   account1:
     INCOMING: account1, , (imap) mail.okstate.edu:143, alwaysSTARTTLS, NTLM
     OUTGOING: smtp.okstate.edu:587, alwaysSTARTTLS, NTLM, true

       account2:
     INCOMING: account2, , (none) Local Folders, plain, passwordCleartext

     Crash Reports

     Extensions

     Important Modified Preferences

       Name: Value

         accessibility.typeaheadfind.flashBar: 0
     browser.cache.disk.capacity: 358400
     browser.cache.disk.smart_size_cached_value: 358400
     browser.cache.disk.smart_size.first_run: false
     browser.cache.disk.smart_size.use_old_max: false
     extensions.lastAppVersion: 38.0.1
     font.internaluseonly.changed: true
     font.name.monospace.el: Consolas
     font.name.monospace.tr: Consolas
     font.name.monospace.x-baltic: Consolas
     font.name.monospace.x-central-euro: Consolas
     font.name.monospace.x-cyrillic: Consolas
     font.name.monospace.x-unicode: Consolas
     font.name.monospace.x-western: Consolas
     font.name.sans-serif.el: Calibri
     font.name.sans-serif.tr: Calibri
     font.name.sans-serif.x-baltic: Calibri
     font.name.sans-serif.x-central-euro: Calibri
     font.name.sans-serif.x-cyrillic: Calibri
     font.name.sans-serif.x-unicode: Calibri
     font.name.sans-serif.x-western: Calibri
     font.name.serif.el: Cambria
     font.name.serif.tr: Cambria
     font.name.serif.x-baltic: Cambria
     font.name.serif.x-central-euro: Cambria
     font.name.serif.x-cyrillic: Cambria
     font.name.serif.x-unicode: Cambria
     font.name.serif.x-western: Cambria
     font.size.fixed.el: 14
     font.size.fixed.tr: 14
     font.size.fixed.x-baltic: 14
     font.size.fixed.x-central-euro: 14
     font.size.fixed.x-cyrillic: 14
     font.size.fixed.x-unicode: 14
     font.size.fixed.x-western: 14
     font.size.variable.el: 17
     font.size.variable.tr: 17
     font.size.variable.x-baltic: 17
     font.size.variable.x-central-euro: 17
     font.size.variable.x-cyrillic: 17
     font.size.variable.x-unicode: 17
     font.size.variable.x-western: 17
     gfx.direct3d.last_used_feature_level_idx: 0
     mail.openMessageBehavior.version: 1
     mail.winsearch.firstRunDone: true
     mailnews.database.global.datastore.id: 07443412-ffcd-4d2f-998d-7cb7d9fb13f
     network.cookie.prefsMigrated: true
     network.predictor.cleaned-up: true
     places.database.lastMaintenance: 1434665793
     places.history.expiration.transient_current_max_pages: 104858
     plugin.importedState: true
     print.printer_Samsung_C460_Series.print_bgcolor: false
     print.printer_Samsung_C460_Series.print_bgimages: false
     print.printer_Samsung_C460_Series.print_colorspace:
     print.printer_Samsung_C460_Series.print_command:
     print.printer_Samsung_C460_Series.print_downloadfonts: false
     print.printer_Samsung_C460_Series.print_duplex: 219172716
     print.printer_Samsung_C460_Series.print_edge_bottom: 0
     print.printer_Samsung_C460_Series.print_edge_left: 0
     print.printer_Samsung_C460_Series.print_edge_right: 0
     print.printer_Samsung_C460_Series.print_edge_top: 0
     print.printer_Samsung_C460_Series.print_evenpages: true
     print.printer_Samsung_C460_Series.print_footercenter:
     print.printer_Samsung_C460_Series.print_footerleft: &PT
     print.printer_Samsung_C460_Series.print_footerright: &D
     print.printer_Samsung_C460_Series.print_headercenter:
     print.printer_Samsung_C460_Series.print_headerleft: &T
     print.printer_Samsung_C460_Series.print_headerright: &U
     print.printer_Samsung_C460_Series.print_in_color: true
     print.printer_Samsung_C460_Series.print_margin_bottom: 0.5
     print.printer_Samsung_C460_Series.print_margin_left: 0.5
     print.printer_Samsung_C460_Series.print_margin_right: 0.5
     print.printer_Samsung_C460_Series.print_margin_top: 0.5
     print.printer_Samsung_C460_Series.print_oddpages: true
     print.printer_Samsung_C460_Series.print_orientation: 0
     print.printer_Samsung_C460_Series.print_page_delay: 50
     print.printer_Samsung_C460_Series.print_paper_data: 1
     print.printer_Samsung_C460_Series.print_paper_height: 11.00
     print.printer_Samsung_C460_Series.print_paper_name:
     print.printer_Samsung_C460_Series.print_paper_size_type: 0
     print.printer_Samsung_C460_Series.print_paper_size_unit: 0
     print.printer_Samsung_C460_Series.print_paper_width: 8.50
     print.printer_Samsung_C460_Series.print_plex_name:
     print.printer_Samsung_C460_Series.print_resolution: 219172664
     print.printer_Samsung_C460_Series.print_resolution_name:
     print.printer_Samsung_C460_Series.print_reversed: false
     print.printer_Samsung_C460_Series.print_scaling: 1.00
     print.printer_Samsung_C460_Series.print_shrink_to_fit: true
     print.printer_Samsung_C460_Series.print_to_file: false
     print.printer_Samsung_C460_Series.print_unwriteable_margin_bottom: 0
     print.printer_Samsung_C460_Series.print_unwriteable_margin_left: 0
     print.printer_Samsung_C460_Series.print_unwriteable_margin_right: 0
     print.printer_Samsung_C460_Series.print_unwriteable_margin_top: 0

     Graphics

         Adapter Description: Intel(R) HD Graphics 4000
     Vendor ID: 0x8086
     Device ID: 0x0166
     Adapter RAM: Unknown
     Adapter Drivers: igdumdim64 igd10iumd64 igd10iumd64 igdumdim32 igd10iumd32 igd10iumd32
     Driver Version: 10.18.10.3621
     Driver Date: 5-16-2014
     Direct2D Enabled: true
     DirectWrite Enabled: true (6.3.9600.17795)
     ClearType Parameters: ClearType parameters not found
     WebGL Renderer: false
     GPU Accelerated Windows: 2/2 Direct3D 11

         AzureCanvasBackend: direct2d 1.1
     AzureSkiaAccelerated: 0
     AzureFallbackCanvasBackend: cairo
     AzureContentBackend: direct2d 1.1

     JavaScript

     Incremental GC: 1

     Accessibility

       Activated: 1
   Prevent Accessibility: 0

     Library Versions

         Expected minimum version
     Version in use

         NSPR
     4.10.8
     4.10.8

         NSS
     3.18.1 Basic ECC
     3.18.1 Basic ECC

         NSS Util
     3.18.1
     3.18.1

         NSS SSL
     3.18.1 Basic ECC
     3.18.1 Basic ECC

         NSS S/MIME
     3.18.1 Basic ECC
     3.18.1 Basic ECC

    or set true network.auth.force - generic-ntlm-v1 (under preferences |) Advanced | General | Configuration editor)

  • Security Server cannot connect to the replica to connect to the server


    Hello

    I want to set up two security servers. Each connected to a login server.

    The installation of the Security Server works only when I connect to the backend connection.

    Telnet using port 4001 to replicas login server does not work. (from the Security Server)

    On the login replica server firewall rules seems to be OK.

    Who can help me here?

    Jan Willem

    It certainly works. Have two security servers, each associated with a connection to the server (for example a standard and the other a replica) is a very common scenario.

    Double check the rules in your firewall if you have an external firewall between your security servers and connection. Check for the setting procedure Administrator's guide matching password etc and for matching Security Server Troubleshooting section.  Make sure that the two security servers are configured the same (no group political advertising strategies of firewall different, firewalls running on all servers etc..). Make sure that the two connection servers are configured the same.

    Let us know what it was.

    Mark

  • Connection problem: no route to host

    Hi all

    I have a problem with my BPEL (worms. 10.1.3.4) process.
    I try to call an external web service and I get the following error (can I access the web service simply by using its URL):

    exception on JaxRpc invoke: transport HTTP error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: no route to host

    I tried to ping the remote server successfully, so I should be able to connect (no problem of proxy or something like that).

    I tried to look in the logs BPEL found in:
    < oracle home >/opmn/newspapers
    System/bpel / < oracle home > /logs
    < oracle home > / bpel/areas/default/logs
    This does not have anything useful either.

    I deploy using JDeveloper. I checked settings proxy here - and none are defined.

    Does anyone have any ideas as to what can be wrong?
    Help or advice will be appreciated.

    Kind regards
    Aagaard

    Well, it could also mean that the server that runs your applicationserver 18111 port is blocked. So I would check with your network managers if this port is open in your applicationserver. They should check the firewall (if you have no control over this yourself).

    Often the situation with a customer is that your development computer is an application server LAN so that your (development, test, acceptance, production) is a data center on an another sub - lan. With another firewall. Development of your PC, you need to access internet-http and perhaps other protocols. But these are generally not allowed on the data center lan. You will have a separate drive from your lan to the data center development. Probably the server has 2 network cards: one for the internal network and one connected to the DMZ. In the DMZ, probably a configuration of proxy/reverseproxy routes requests from outside of your application server and visa versa. If the proxy must also be checked.

    This should normally be the case in a customer-even when it's a development environment. Because you don't want intruders piracy of your systems, even on the development. And although you might not care, the dev - env should reflect your prod-env. So, it must also use a dmz with a proxy/reverseproxy configuration. If it's a Setup program on your laptop or your local home network your configuration might be simpeler. But then again, you might have to deal with different firewalls. If it's all about your laptop (using VMWare for example) I would try when temporarily stop all firewalls.

    You said that you did not have a proxy. What matters to your pc dev as the application server?

  • AnyConnect Client - connect to two different ASA virtual private networks at the same time?

    If I am already connected to a remote access using Anyconnect VPN, is it possible to connect to another on a different ASA?

    The option to connect is grayed out until I disconnect one. I don't see any way to launch another Anyconnect session!

    I can connect to one successfully by themselves.

    Neither one is "all traffic" tunneling, just a couple secure hosts for each of them.

    Thank you!

    I think that you can only connect to a VPN at the same time. So unfortunately not possible.

  • How to give different Anyconnect profiles for some users

    Hello

    I am very new to Anyconnect but managed to configure our ASA5510 with connection files 2, one with split tunneling is active and the other without.  How to configure the ASA/Anyconnect client so that most users see the connection with split tunneling profile disable but others the chance to see two connection profiles in the client?  Currently, all users the chance to see the two profiles in the client and I'm stuck at the moment to try to understand how I control what they have a chance to see the profiles of connection...  Users are authenticated on a Microsoft IAS server if what counts and the ASA is running V8.2 (1) and ASDM 6.2 (5) 53.  Thanks for any help.

    Kind regards

    Terry

    Microsoft IAS is a good piece of information. Thank you.

    So I assume you are using for Radius Authentication.

    You have 2 options:

    (1) configure the radius server IAS user mapping to a specific group by using attribute radius policy.

    Here is an example of configuration using Cisco ACS radius for your reference server:

    http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a00808cf897.shtml

    (Sorry, can't find an example of configuration using the Microsoft IAS server, but the concept is the same)

    (2) as you run microsoft IAS, I assume you are using Active Directory? Assuming it's true, you can actually authenticate via the LDAP protocol and LDAP mapping to place the user in specific group policy.

    Here is the sample configuration for LDAP authentication:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00808c3c45.shtml

    and here is the example of mapping of LDAP attributes configuration:

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a008089149d.shtml

    Hope a using the option.

  • AnyConnect/Webvpn different ip address

    Hello

    We have an ASA5510 with the Anyconnect Essentials license. I'm trying to configure Anyconnect and immediately run a question. We have a 29 configuration of the subnet and as far as I know, I have to use the address of the external interface for Anyconnect. However I have a https service PAT forward on this address. So, I Anyconnect configuration to listen on for example. the second ip address in my public subnet?

    Thank you

    Pascale

    Sent by Cisco Support technique iPhone App

    In short, no..

    But you can use the command 'port' under webvpn to listen on a port other than 443.

  • AnyConnect and 2 certificates

    people

    I have a question regarding anyconnect and using 2 profiles on a single customer

    I use anyconnect ssl vpn to connect to several sites, each using certificates and name of user and password for authentication

    My problem is that when I 2 certificates in the store of my staff two different asas, I can't authenticate on one of the firewalls

    each certificate is named differently, i.e. mycert-site1 and site2 mycert

    anyone came across this before?

    Thanks to anyone who takes the time to answer

    Hello

    You have this option in a newer version of anyconnect:

    http://www.Cisco.com/en/us/docs/security/vpn_client/AnyConnect/anyconnect24/release/notes/anyconnect24rn.html#wp1025402

    HTH,

    Marcin

  • Install MX922 on 2 different subnet?

    I have a LAN into 2 separate LAN or subnets. 1 LAN is 192.168.1.x and LAN 2 is 192.168.2.x. I installed a MX922 installation method using the network on all computers on the LAN 1 without problem. The MX922 is located on LAN 1.

    I tried to install the printer on a PC on the LAN 2 but install fails, claiming that he cannot find any printer on the network. My guess is that he is only looking on the scheme even the installation of PC is on AND the installation of the software does not allow you to set the IP address to make it look like the printer.

    I know that all firewalls are disabled and 1 LAN 2 LAN communication is very good because this printer is replacing another printer set up exactly the same way and this printer set up is still workng fine.

    I was thinking about putting the PC in question 'temporarily' on LAN 1 to install the printer and then back to LAN 2 and then manually reconfigure the port to address different IP, but when I try to configure the printer port on a PC on the LAN 1 where the printer is already installed it gives the error that there are no configurable parameters for the port. So I don't think I'd be able to configure the port once it was back on LAN 2.

    I can't be the first person to try to install one of these printers in an office environment where there are several subnets that all need to print to a central printer so I think there must be a solution, but we don't find where in the documentation or on this site that I can see. If anyone can help me please?

    Thank you.

    Solved!

    It can be done even if I emailed Canon support and their response stated that Canon printers are not able to work on multiple subnets.

    The solution is:

    1. change the PC concerned to the same LAN as the printer so they are both on the same subnet. At the time of installation, the printer and the PC must be on the same subnet.

    2. then install the printer normally.

    3. after the printer is in place and works very well on the given PC, then return to the original subnet that it is supposed to be on.

    That's all!

    There is a workaround solution. For a computer that has many PC on several different subnets, it would be a huge task. For an additional House with 1 or 2 subnets and a few PCs, it is a pain.

  • Same version of files of Windows basic in different folders

    In a first time - it's not a question about deleting double files! That said, I would like to know why several 'identical' basic Windows files are in different folders, if it is the default, or if I should suspect malware activity. I am not a Curmudgeon, but I watch and try to understand the risks in order to keep my computer as clean as possible. Normally paranoid, so to say. Yes, I have searched the Net to find answers, but because each searchresult starts with registration of tons of methods how to Remove double, which isn't what I'm shooting, I won't and hope to have some answers here.

    Some of the files that appear twice are:

    Iexplore.exe Explorer.exe, rundll32.exe, cmd.exe, msiexec.exe. Also of Ping, Taskkilll, VMI Provider Host, WinMail, Windows Media Player and more. They seem to all reside in either 'C:\Windows\System32\' or 'C:\Winndows\SysWOW64\ '.

    My instinct says files are legitimate and there for a reason (Win32 Win64 vs?), but if so - why different pairs of size have the same version numbers? And why some of the pairs do not differ from just one byte (!) in size? Also - why Internet Explorer keep running 'normally', even if I killed the process (iexplore.exe) in the firewall and why do I sometimes get an error of "Explorer finished unexpectedly" Internet to the time when I close the browser? (Freely translated from Swedish)

    System information:

    DELL Precision T5500 w. Intel Xeon 5650 CPU, 12 GB of RAM and Swedish Win7 Pro/64 from an SSD. Version of Internet Explorer is 11. Lots of available storage place on quite 3 hard disks. There is also a domestic network with 3 computers, an iPad, and two printers. Several commercial versions of security software installed reside (MalwareBytes, HitmanPro, ZoneAlarm AV + FW), as well as occasional safe mode analyses, or online, with free stuff (SuperAntiSpyware, HouseCall, TDSSKiller, CCleaner, etc.). No unusual activity not found yet, the system is apparently clean.

    Are the files of normal behavior part?

    Please notify. Thank you!

    On most systems, the folder that 'account' is the folder C:\Windows\System32 (assuming that Windows is installed on your C drive).  On a 64-bit system, those will be 64-bit on those files.

    In the 64-bit installations there will also be a SysWOW64 folder (not present on 32-bit systems) that will look much like the system32 folder.

    The SysWOW64 folder (Windows on Windows) is where Windows keeps 32 bit copy of an application that may be required from time to time on your 64 bit system.

    The files in System32 and SysWOW64 may be the same, they may be a little different, they may be very different but Windows will use the appropriate files when it should.

    If this sounds like a behavior very normal and expected.

    Don't know what 'why Internet Explorer continue to function 'normally', even if I killed the process (iexplore.exe) in the firewall' means (how can you kill IE in the firewall?).  Why do you have to kill the process of IE in the first place?

    Windows comes with a built-in so firewall if you have installed ZoneAlarm and use its firewall, this facility should have been smart enough to disable the built in Windows Firewall.

    It is not a good idea to run two firewalls at the same time, so if you are using ZA firewall you might want to pursue firewall issues and problems in the ZA community where experts hang out:

    https://www.ZoneAlarm.com/Forums/Forum.php

  • OME firewalls and ports configurations required

    I installed OME in a locked DMZ that is highly secure and has a number of different segments of network separated by firewalls... I installed OMSA on Windows physical server and ESXi 5.1 2012 hosts. I also have the physical hosts running Linux OS. OME can successfully connect to the iDRAC for each server, but not in OMSA

    Can you please indicate exactly what firewall ports must be opened to allow communications between OME and OMSA as well as between OME and iDRAC?

    Thank you

    Hi and thanks for the post.

    There should be a table in the user guide OME (online that came with the product, or at www.delltechcenter.com/ome.  The table is called:

    Support for protocols and Ports OpenManage Essentials

    And should highlight the ports you need.

    Thank you

    Rob

  • Cisco AnyConnect VPN Client maintains reconnection

    Hello

    We have recently installed an ASA5505 and activated the VPN access.

    Two of my colleagues have no problems connecting to the VPN using Cisco AnyConnect VPN Client, but I do.

    I am still disconnected after a few seconds with the message:

    "A VPN reconnect gave rise to different configuration settings. VPN network interface is to be reset. Applications using the private network may be required to restart. »

    Cisco AnyConnect VPN Client Version 2.5.2019

    I work with Windows 7 but the same thing happens when I try to connect using my computer that is running Windows Vista.

    My colleagues also using Win7

    I also tried to disable the Windows Firewall.

    Any help would be appreciated.

    Best regards

    Peter

    TAC has been able to solve the problem.   For webvpn mtu changed default from 1406 to 1200.

    Not sure why 2 other ASAs we work very well otherwise though!

    WebVPN
    SVC mtu 1200

  • Updates to CWS and AnyConnect strategies

    Hello

    I do a new install of CFS/Anyconnect. I have a client deployment and a basic policy. I wish that the client then auto policy download updates/white lists without having to VPN or directly connect to the network corp.

    Please someone could confirm if the AnyConnect client is able to automatically download updates to profile CFS to CFS/Scansafe portal or would I need to place new policies on the SAA for the customer to download when they VPN in?

    In addition, what controls are available for this? Can I set different policies for different users and the AnyConnect client will grab one based on user login information?

    Thank you

    Hi Stuart,

    In the portal of the CWS, their option to download AC configuration files, this is known as hosted Config.

    You can use this to push updates to HQ as a TND, exceptions, etc.

    You can make changes to the profile AC, download the file to the portal of the CFS and when users connect, they download and use the file updated instead of the old config file.

    You can see the Administrator's guide to Scancenter for more information on the Config files hosted for Anyconnect.

    Kush Srivastava
    YOUR Cisco IDP
    http://www.Cisco.com/Web/partners/tools/pdita.html

Maybe you are looking for

  • My keychain.app file says that is not valid.

    My keychain.app file says that it is not valid, only so I can't change anything. I tried the permissions, but make the message of invalid file again.  How to recover a file invalid or difficulty that causing trouble? I checked the time machine, but i

  • nc6000 SD slot

    Is could someone PLEASE tell me why on the nc6000 the slit on the side will read/wright to use a 2 GB SD card and not a 8 GB card? Using a USB card reader I can read/wright on the card 8 GB SD is a good card. Thanks for any help! onhoj

  • How to check the RAM comes with hp computer are authentic?

    We bought 250 hp 8300 mechines. When we chech them, their ram does not alter the apparent joints. Help us discover all the Comms of parts with that plane are original genuine hp parts of weather

  • Later update: ICS 4.0.4 (IMM76L) for US Xoom 3 G / 4 G

  • Problem creating on the new laptop recovery disks

    Hi Forum: I started the procedure of creation of recovery on a HP Pavilion g6 disk.  The laptop was bought this morning at Costco. I used discs DVD + R DL for a package that had been previously used for other creations of recovery disc (on other new