Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

On Connection Scripts for AnyConnect with MX

Solved
JordanCN
Here to help
‎Nov 25 2023 7:56 AM
‎Nov 25 2023 7:56 AM

On Connection Scripts for AnyConnect with MX

Back when I used to use the Cisco ASA, I recall being able to run a login script upon connection to the VPN. But the ASA controlled the script.  Is there anything like this on the MX setup with AnyConnect?  I did not see anything in the Profile Editor utility for this either.

0 Kudos
Subscribe
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Nov 25 2023 11:43 AM
‎Nov 25 2023 11:43 AM

I case you didnt see this already https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-OnConnect-scripts/m-p/138965#M35111

View solution in original post

Subscribe
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 25 2023 9:29 AM
‎Nov 25 2023 9:29 AM

No, the Anyconnect has some limitations on the MX.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Subscribe
ww
Kind of a big deal
Kind of a big deal
‎Nov 25 2023 11:43 AM
‎Nov 25 2023 11:43 AM

I case you didnt see this already https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-OnConnect-scripts/m-p/138965#M35111

Subscribe
JordanCN
Here to help
‎Nov 26 2023 8:41 AM
‎Nov 26 2023 8:41 AM

Thanks WW.  I was able to get this to work by adding an OnConnect.bat file to the \Scripts folder.  I have not tried the OnDisconnect.bat option, but assume it will work as well.

 

I did have a gotcha to add.  The script would not run unless I had Profile Update set to enabled on the Meraki MX's AnyConnect client settings.  I did not have to upload a profile, but it had to be enabled or else the script would not run.

 

I am going to put in a ticket for this as a bug because I also noticed that when I would upload an XML profile, it would  be downloaded to the clients as filename.xml.xml.  I am easily able to work around it by just removing the .xml extension at the end so it overwrites the desired file.

0 Kudos
Subscribe
In response to JordanCN
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 26 2023 11:37 AM
‎Nov 26 2023 11:37 AM

>filename.xml.xml

I've talked to the Meraki AnyConnect engineers about this exact issue!  They now about it, but it is low-hanging fruit, and they don't seem motivated to resolve it.

0 Kudos
Subscribe
JordanCN
Here to help
‎Nov 30 2023 2:36 PM
‎Nov 30 2023 2:36 PM

So I put in a ticket with Meraki support about the xml extension doubling up and also having to enable Profile Update to get the OnConnect to work.  They said since I figured out then it really isn't a bug.  NIce.......

Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.