Enabling Anyconnect Client Profile Downloads - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual

Chapter 7 Configuring and Using AnyConnect Client Operating Modes and User Profiles
Configuring and Using User Profiles
the user selects the appropriate profile from a drop-down list. Be aware, however, that some of the profile
settings, such as Start Before Login, control the connection experience at a global level. Other settings,
such as those unique to a particular host, depend on the host selected.

Enabling AnyConnect Client Profile Downloads

An AnyConnect client profile is a group of configuration parameters, stored in an XML file, that the
client uses to configure the connection entries that appear in the client user interface. The client
parameters (XML tags) include the names and addresses of host computers and settings to enable
additional client features.
You can create and save XML profile files using a text editor. The client installation contains one profile
template (AnyConnectProfile.tmpl) that you can edit and use as a basis to create other profile files.
The profile file is downloaded from the security appliance to the remote users's PC, so you must first
import the profile(s) into the security appliance in preparation for downloading to the remote PC. You
can import a profile using either ASDM or the command-line interface. See Appendix A, "Sample
AnyConnect Profile and XML Schema" for a sample AnyConnect profile.
When the AnyConnect client starts, it reads the preferences.xml file in the following directory:
C:\Documents and Settings\<your_username>\Local Settings\Application Data\Cisco\Cisco
AnyConnect VPN Client.
The preferences.xml file contains the username and the security appliance IP address/hostname from the
last successful connection. The client then establishes an initial connection to the security appliance to
get the list of tunnel groups to display in the GUI. during this initial connection, if the security appliance
is no longer accessible or if the hostname cannot be resolved, the user sees the message, "Connection
attempt has failed" or "Connection attempt has failed due to unresolvable host entry."
You can place a copy of your profile (for example, CiscoAnyConnectProfile.xml) in the directory:
C:\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN Client\Profile
The location for Windows Vista is slightly different: C:\ProgramData\Cisco\Cisco AnyConnect VPN
Client\Profile The host that appears in the Connect to combo box is the first one listed in the profile or
the last host you successfully connected with.
Do not cut and paste the examples from this document. Doing so introduces line breaks that can break
Caution
your XML. Instead, open the profile template file in a text editor such as notepad or wordpad.
Use the template that appears after installing AnyConnect on a workstation:
\Documents and Settings\All Users\Application Data\Cisco\Cisco AnyConnect VPN
Client\Profile\AnyConnectProfile.tmpl
Follow these steps to edit profiles and use ASDM to enable the security appliance to download them to
remote clients:
Cisco AnyConnect VPN Client Administrator Guide
7-5
OL-12950-012