Back when I used to use the Cisco ASA, I recall being able to run a login script upon connection to the VPN. But the ASA controlled the script. Is there anything like this on the MX setup with AnyConnect? I did not see anything in the Profile Editor utility for this either.
Solved! Go to solution.
I case you didnt see this already https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-OnConnect-scripts/m-p/138965#M35111
No, the Anyconnect has some limitations on the MX.
I case you didnt see this already https://community.meraki.com/t5/Security-SD-WAN/AnyConnect-OnConnect-scripts/m-p/138965#M35111
Thanks WW. I was able to get this to work by adding an OnConnect.bat file to the \Scripts folder. I have not tried the OnDisconnect.bat option, but assume it will work as well.
I did have a gotcha to add. The script would not run unless I had Profile Update set to enabled on the Meraki MX's AnyConnect client settings. I did not have to upload a profile, but it had to be enabled or else the script would not run.
I am going to put in a ticket for this as a bug because I also noticed that when I would upload an XML profile, it would be downloaded to the clients as filename.xml.xml. I am easily able to work around it by just removing the .xml extension at the end so it overwrites the desired file.
>filename.xml.xml
I've talked to the Meraki AnyConnect engineers about this exact issue! They now about it, but it is low-hanging fruit, and they don't seem motivated to resolve it.
So I put in a ticket with Meraki support about the xml extension doubling up and also having to enable Profile Update to get the OnConnect to work. They said since I figured out then it really isn't a bug. NIce.......