Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1912
Views
15
Helpful
3
Replies

AnyConnect VPN - update fqdn used to connect to VPN?

Go to solution
Antony Paul
Level 1
Level 1

‎03-04-2019 10:32 AM - edited ‎02-21-2020 09:35 PM

Hello all,

 

Wondering if someone can help me with the following.

 

We are moving datacenter and as a result our users will be required to connect to a new FQDN within their AnyConnect Secure Mobility VPN Client.  The new FQDN points at a new Cisco ASA.

 

I have tried to update this automatically for my test account by deploying a profile xml file containing the new FQDN to C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\

 

This has not worked as intended as the legacy FQDN is still showing.

Can anyone advise what the correct way to do this is?

 

I understand I could edit the profile on the legacy ASA to use the hostname of the new ASA but I am not sure if that is best practice or would even work as intended?

 

2019-03-04 18_26_48-Window.png

 

 

Thanks in advance

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎03-04-2019 11:53 AM

Apart from what @Mike.Cifelli mentioned below, you also might need to delete the preferences file from the users machine. The preferences.xml file keeps the last successfully connected info cached. The file is located here:

 

C:\Users\<username>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml

 

You can safely delete the above file after making changes to your local XML profile. Quit and restart your client. Once you do this, Anyconnect will only read the server address from the client xml profile. 

 

 

 

View solution in original post

3 Replies 3

Go to solution
Mike.Cifelli
VIP Alumni
VIP Alumni

‎03-04-2019 10:52 AM

Under the <HostEntry> tag you can modify your current PROFILE.xml file to test out your new setup.

<HostEntry>
<HostName>Change this to new host name you configured on new ASA</HostName>
<HostAddress>YOUR new VPN GW<Address>
<UserGroup>YOUR CLIENT PROFILE NAME on new ASA</UserGroup>
This is found in the location you mentioned above.

HTH!

Go to solution
Antony Paul
Level 1
Level 1
In response to Mike.Cifelli

‎03-06-2019 01:26 PM

Thanks very much both of you for your input - I am testing this shortly - much appreciated for pointing  me in the right direction.

0 Helpful

Go to solution
Rahul Govindan
VIP Alumni
VIP Alumni

‎03-04-2019 11:53 AM

Apart from what @Mike.Cifelli mentioned below, you also might need to delete the preferences file from the users machine. The preferences.xml file keeps the last successfully connected info cached. The file is located here:

 

C:\Users\<username>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml

 

You can safely delete the above file after making changes to your local XML profile. Quit and restart your client. Once you do this, Anyconnect will only read the server address from the client xml profile. 

 

 

 

Customers Also Viewed These Support Documents