Meraki

Community

On Connection Scripts for AnyConnect with MX

Solved
JordanCN
Getting noticed
‎Nov 25 2023 7:56 AM
‎Nov 25 2023 7:56 AM

On Connection Scripts for AnyConnect with MX

Back when I used to use the Cisco ASA, I recall being able to run a login script upon connection to the VPN. But the ASA controlled the script.  Is there anything like this on the MX setup with AnyConnect?  I did not see anything in the Profile Editor utility for this either.

0 Kudos
1 Accepted Solution
ww
Kind of a big deal
Kind of a big deal
‎Nov 25 2023 11:43 AM
‎Nov 25 2023 11:43 AM

I case you didnt see this already https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-OnConnect-scripts/m-p/138965#M35111

View solution in original post

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Nov 25 2023 9:29 AM
‎Nov 25 2023 9:29 AM

No, the Anyconnect has some limitations on the MX.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Nov 25 2023 11:43 AM
‎Nov 25 2023 11:43 AM

I case you didnt see this already https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-OnConnect-scripts/m-p/138965#M35111

JordanCN
Getting noticed
‎Nov 26 2023 8:41 AM
‎Nov 26 2023 8:41 AM

Thanks WW.  I was able to get this to work by adding an OnConnect.bat file to the \Scripts folder.  I have not tried the OnDisconnect.bat option, but assume it will work as well.

 

I did have a gotcha to add.  The script would not run unless I had Profile Update set to enabled on the Meraki MX's AnyConnect client settings.  I did not have to upload a profile, but it had to be enabled or else the script would not run.

 

I am going to put in a ticket for this as a bug because I also noticed that when I would upload an XML profile, it would  be downloaded to the clients as filename.xml.xml.  I am easily able to work around it by just removing the .xml extension at the end so it overwrites the desired file.

0 Kudos
In response to JordanCN
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Nov 26 2023 11:37 AM
‎Nov 26 2023 11:37 AM

>filename.xml.xml

I've talked to the Meraki AnyConnect engineers about this exact issue!  They now about it, but it is low-hanging fruit, and they don't seem motivated to resolve it.

0 Kudos
JordanCN
Getting noticed
‎Nov 30 2023 2:36 PM
‎Nov 30 2023 2:36 PM

So I put in a ticket with Meraki support about the xml extension doubling up and also having to enable Profile Update to get the OnConnect to work.  They said since I figured out then it really isn't a bug.  NIce.......

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.