Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cisco anyconnect VPN - XML profiles not appearing in dropdown box

Solved
Stewie
Conversationalist
‎Jul 11 2023 8:24 AM
‎Jul 11 2023 8:24 AM

Cisco anyconnect VPN - XML profiles not appearing in dropdown box

Hello,

 

We are currently rolling out Cisco anyconnect VPN to replace the L2TP VPN my company has been using for years.

 

One of the last issues we are trying to resolve is getting the vpn profiles to work with the client, when the profile is downloaded from our MX68 appliance it works, and the dropdown box populates with multiple gateways. however the powers that be require the profiles to be set before our users connect to the VPN for the first time.

 

 

from the setup documentation (and other forum posts i've found from searching) the xml file should be placed in C:\programdata\cisco\cisco anyconnect secure mobility client\profile

 

however, after manually placing the .xml file in the profile folder it doesn't populate. I have restarted the services, rebooted, reinstalled, renamed the .xml, remade the file via the profile builder, but nothing I've tried so far has gotten this to work.

Stewie_2-1689088750737.png

I have also tried placing the .xml file into the C:\programdata\cisco\cisco secure client\VPN\Profile without any luck as well.

 

Stewie_3-1689088883714.png

we are using the default DDNS name that is generated by the MX68 meraki appliance.

 

meraki firmware is: MX 18.107.2

cisco secure client - Anyconnect VPN version is: 5.0.02075

I've tried this on multiple machines and OS, including Win10 pro, Ent,and win 11 pro.

 

any insight from the community that can point me in the right direction, as I'm stumped.

 

 

##EDIT: to anyone who stumbles on this in the future, the "Profile.xml" is case sensitive. If you attempt to use "profile.xml" for the cisco VPN client, it will not work. @alemabrahao had the solution dead on, this is just a reminder to double check the case of your file.

Labels:
0 Kudos
Subscribe
1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 11 2023 9:15 AM
‎Jul 11 2023 9:15 AM

This configuration has nothing to do with the MX configuration, it is a local configuration in the workstation. Here is an example:

 

 

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
<ServerList>
<HostEntry>
<User>Pandiyan</User>
<HostName>MyHost</HostName>
<HostAddress>local.pandiyan.com</HostAddress>
</HostEntry>
</ServerList>
<ServerList>
<HostEntry>
<User>Guest</User>
<HostName>MyGuest</HostName>
<HostAddress>guest.pandiyan.com</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

 

Save with name Profile.xml

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

Subscribe
10 Replies 10
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 11 2023 9:15 AM
‎Jul 11 2023 9:15 AM

This configuration has nothing to do with the MX configuration, it is a local configuration in the workstation. Here is an example:

 

 

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
<ServerList>
<HostEntry>
<User>Pandiyan</User>
<HostName>MyHost</HostName>
<HostAddress>local.pandiyan.com</HostAddress>
</HostEntry>
</ServerList>
<ServerList>
<HostEntry>
<User>Guest</User>
<HostName>MyGuest</HostName>
<HostAddress>guest.pandiyan.com</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

 

Save with name Profile.xml

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Jul 11 2023 9:20 AM
‎Jul 11 2023 9:20 AM

Save in this path: C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Stewie
Conversationalist
‎Jul 11 2023 9:35 AM
‎Jul 11 2023 9:35 AM

I feel like an idiot for not realizing that.. makes total sense now, thank you for the help!

0 Kudos
Subscribe
In response to alemabrahao
Jamsession
Here to help
‎Oct 4 2023 10:04 AM
‎Oct 4 2023 10:04 AM

Hello, 

I'm trying to understand the solution here. I am currently having a similar issue. 

I have my xml profile packaged in win32 and deployed through intune to:

C:\programdata\cisco\cisco secure client\VPN\Profile

But even with the profile present the connect option does not appear.

 

My profile name is: Profileconfig.xml

Which is also uploaded to meraki for the profile update. It works if I input the host myself, but is blank before that. 

Here is my xml: 

 

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectPreferences>
<DefaultUser></DefaultUser>
<DefaultSecondUser></DefaultSecondUser>
<ClientCertificateThumbprint></ClientCertificateThumbprint>
<MultipleClientCertificateThumbprints></MultipleClientCertificateThumbprints>
<ServerCertificateThumbprint></ServerCertificateThumbprint>
<DefaultHostName>myhostname</DefaultHostName>
<DefaultHostAddress>myaddress</DefaultHostAddress>
<DefaultGroup></DefaultGroup>
<ProxyHost></ProxyHost>
<ProxyPort></ProxyPort>
<SDITokenType>none</SDITokenType>
<ControllablePreferences></ControllablePreferences>
</AnyConnectPreferences>

0 Kudos
Subscribe
In response to Jamsession
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 4 2023 10:06 AM
‎Oct 4 2023 10:06 AM

Save with name Profile.xml in this path: C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Jamsession
Here to help
‎Oct 4 2023 10:28 AM
‎Oct 4 2023 10:28 AM

EDIT RESOLVED!!!!- boy do i feel dumb. I wasn't making my changes as a administrator. 



I have no problems using Profile.xml as the profile, but still don't seem to get a ready connection on a profile that has yet to use anyconnect for the first time. 

 

It's weird because I have been scouring looking for info and what is provided is generally what I have / had done. 

@alemabrahao I used your exact profile format posted above thinking maybe its my file, but still the same result.

anyconnect.PNG

0 Kudos
Subscribe
In response to Jamsession
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 4 2023 10:58 AM
‎Oct 4 2023 10:58 AM

The variables in your file are different, use exactly as I put them in the post.

 

<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
<ServerList>
<HostEntry>
<User>Pandiyan</User>
<HostName>MyHost</HostName>
<HostAddress>local.pandiyan.com</HostAddress>
</HostEntry>
</ServerList>
<ServerList>
<HostEntry>
<User>Guest</User>
<HostName>MyGuest</HostName>
<HostAddress>guest.pandiyan.com</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Subscribe
In response to alemabrahao
Jamsession
Here to help
‎Oct 4 2023 11:31 AM
‎Oct 4 2023 11:31 AM

That was it! 
Your file plus editing as a admin. 

Thank you sir!

0 Kudos
Subscribe
In response to Jamsession
alemabrahao
Kind of a big deal
Kind of a big deal
‎Oct 4 2023 11:35 AM
‎Oct 4 2023 11:35 AM

It's my pleasure.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jul 11 2023 6:07 PM
‎Jul 11 2023 6:07 PM

Some other tips - I have written a tool for creating the profiles for you:
https://www.ifm.net.nz/cookbooks/online-anyconnect-profile-editor.html

 

When you upload the profile in the Meraki dashboard, it ALWAYS appends .XML when it is downloaded by AnyConnect.  So if you upload company.xml, it gets downloaded as company.xml.xml.  So I tend to upload the profiles without an extension.

 

Next, if you have another Cisco product, such as Cisco Umbrella, you get to use Cisco SecureX.  You can buy just a single licence for Cisco Umbrella (cheap) and not even use it, to get access to SecureX.

Why might you want to use Cisco SecureX?  Because it cloud manages AnyConnect.  You no longer use profiles - you control the settings in the Cisco SecureX dashboard.  You can automate software updates, create test profiles, etc.  Basically, this is the way you want to be rolling out new AnyConnect deployments.

All this for maybe $3/month (cost of an Umbrella licence), assuming you don't already own another Cisco security product.

 

Take a look at this thread where I show some of screenshots of what it looks like:
https://community.meraki.com/t5/Security-SD-WAN/Update-AnyConnect-clients-now/m-p/198950 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.