Cisco Secure Client (Meraki) – Disable Auto Connect / Force Manual VPN Connection

Mazide
Here to help

Hi everyone,

I’m looking for some guidance on Cisco Secure Client behavior with Meraki VPN.

I’ve used the Cisco Secure Client Profile Editor (v5.1.12.146) to modify the XML profile, but the changes don’t seem to take effect on the Windows client.
My goal is to disable auto-connect so that the VPN client doesn’t launch or connect automatically — I want users to manually initiate the VPN connection instead.

Here’s what I’ve tried so far:

  • Edited the profile in the Secure Client Profile Editor.

  • Set <AutoConnectOnStart> to false and confirmed it’s in the XML.

  • Stored the file here:
    C:\Program Files (x86)\Cisco\Cisco Secure Client Profile Editor\XMLresources

However, the VPN still pops up automatically when the user logs in.

👉 Questions:

  1. Are you using the Secure Client Profile Editor with Cisco Meraki VPN as well?

  2. Where exactly should the XML file be stored so the Cisco Secure Client on Windows reads it correctly?

  3. Is there another setting or registry key that controls the auto-connect behavior with Meraki VPN?

Any insight from those who’ve successfully disabled auto-connect would be greatly appreciated.

Thanks in advance!

3 Replies
alemabrahao
Kind of a big deal

The name is case sensitive. Save like this "Profile.xml"

 

Save in this path: C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Client_deployment#How_...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Mazide
Here to help

 

Thank you! I was able to locate the XML file, and here’s what it currently looks like.

==================================
<AnyConnectPreferences>
  <DefaultUser/>
  <DefaultSecondUser/>
  <ClientCertificateThumbprint/>
  <MultipleClientCertificateThumbprints/>
  <ServerCertificateThumbprint/>
  <DefaultHostName>companyname.com</DefaultHostName>
  <DefaultHostAddress>1.1.1.1:80</DefaultHostAddress>
  <DefaultGroup/>
  <ProxyHost/>
  <ProxyPort/>
  <SDITokenType>none</SDITokenType>
  <ControllablePreferences>
    <LocalLanAccess>true</LocalLanAccess>
    <UseStartBeforeLogon>true</UseStartBeforeLogon>
    <AutoConnectOnStart>true</AutoConnectOnStart>
    <DisableCaptivePortalDetection>true</DisableCaptivePortalDetection>
  </ControllablePreferences>
</AnyConnectPreferences>

====================================================

 

My next step is to disable the following three options (to disable the AutoConnect):

====================================================

<UseStartBeforeLogon>false</UseStartBeforeLogon>
<AutoConnectOnStart>false</AutoConnectOnStart>
<DisableCaptivePortalDetection>false</DisableCaptivePortalDetection>

====================================================

I’ve tried editing these settings locally and saving the changes, but whenever I toggle those options from the VPN client options, they still seem to take effect (just making sure end users will not play with it).

 

Now I’m wondering once the XML profile is pushed from Meraki, which configuration takes priority: the one deployed from the dashboard or any local edits made through the VPN client’s preferences menu?

 
 
alemabrahao
Kind of a big deal

No, Meraki doesn't apply anything to the profile.

 

The file is saved in a location on your machine.

 

My suggestion is to directly manipulate the XML and save the file in the path I mentioned.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
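
The XML edit discussed in this thread (setting the three preferences to false), as an added example that is not from any poster or from Cisco: a Python function that applies the edit to a constructed, trimmed copy of the posted file and reports what changed. The function name `force_manual_connect` and the sample text are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the XML posted in the thread.
SAMPLE = """<AnyConnectPreferences>
<DefaultHostName>companyname.com</DefaultHostName>
<ControllablePreferences>
<LocalLanAccess>true</LocalLanAccess>
<UseStartBeforeLogon>true</UseStartBeforeLogon>
<AutoConnectOnStart>true</AutoConnectOnStart>
<DisableCaptivePortalDetection>true</DisableCaptivePortalDetection>
</ControllablePreferences>
</AnyConnectPreferences>"""

# The three preferences the poster wants set to false.
TARGETS = ("UseStartBeforeLogon", "AutoConnectOnStart",
           "DisableCaptivePortalDetection")


def force_manual_connect(xml_text, targets=TARGETS):
    """Return (new_xml, changes); changes maps name -> (old, new)."""
    root = ET.fromstring(xml_text)
    # Assumption: the file has the un-namespaced root shown in the thread.
    if root.tag != "AnyConnectPreferences":
        raise ValueError(f"unexpected root element: {root.tag}")
    prefs = root.find("ControllablePreferences")
    if prefs is None:
        # Minimal file: create the container instead of failing.
        prefs = ET.SubElement(root, "ControllablePreferences")
    changes = {}
    for name in targets:
        node = prefs.find(name)
        if node is None:
            node = ET.SubElement(prefs, name)
        old = (node.text or "").strip().lower() or None
        if old != "false":
            node.text = "false"
            changes[name] = (old, "false")
    return ET.tostring(root, encoding="unicode"), changes


if __name__ == "__main__":
    new_xml, changes = force_manual_connect(SAMPLE)
    for name, (old, new) in changes.items():
        print(f"{name}: {old} -> {new}")
    # A second pass changes nothing, so the edit is idempotent.
    print("second pass:", force_manual_connect(new_xml)[1])
```
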