Cisco FTD (and ASA) Creating AnyConnect Profiles

KB ID 0001685

Problem

A few days ago I did an article on Deploying Cisco AnyConnect with the Cisco FTD, there I glossed over the AnyConnect profile section. For a long time now, we have been able to edit the AnyConnect profile from within the firewall (if we are running ASA code!) But for the FTD we need to take a step backwards and go back to using the ‘offline’ AnyConnect profile editor.

Solution

Firstly you need to download the offline profile editor, you will find it on the Cisco AnyConnect Mobility Client download page;

FTD -AnyConnect Profile Editor

I wont insult your intelligence, the setup is straight forward;

Cisco AnyConnect Profile Editor

Launch the editor, and the screen you will see is exactly the same as you would normally see while using the profile editor in a Cisco ASA, (when launched from within the ASDM).

Cisco AnyConnect Profile Editor Settings

Note: I’m not going to go though all the settings, (this post would become immense!) Typically I allow remote (RDP) connections, and set the public FDQN for my AnyConnect profile.

Once you have finished, you can simply save the settings as an XML file.

Cisco AnyConnect Profile Editor Export XML

Import an AnyConnect ‘Profile XML File’ into Cisco ASA

As mentioned above with all ‘modern’ versions of the ASDM/AnyConnect client you can create and edit an AnyConnect profile directly from within the ASDM. But (for completeness) here’s how to import one you created externally, (or exported form another firewall).

Configuration >Remote Access VPN > Network (Client) Access > AnyConnect Client Profile > Import.

Cisco ASA Import AnyConnect Profile XML

Import an AnyConnect ‘Profile XML File’ into Cisco FTD

Objects > AnyConnect Client Profiles > Create AnyConnect Client Profile > Give it a name > Upload.

Cisco FTD Import AnyConnect Profile XML

Browse to, and select the previously created XML file > Open.

Cisco FTD Upload AnyConnect Profile XML

Then save and deploy the changes (this takes ages!).
Cisco FTD Save and Deploy

You can now select this ‘profile file’ when setting up AnyConnect, or edit any existing AnyConnect Remote Access VPN configuration, and add this profile to it.

Related Articles, References, Credits, or External Links

Cisco Firepower 1010 Configuration

Author: PeteLong

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *