Cisco FTD (and ASA) Creating AnyConnect Profiles

KB ID 0001685

Problem

A few days ago I did an article on Deploying Cisco AnyConnect with the Cisco FTD; there I glossed over the AnyConnect profile section. For a long time now, we have been able to edit the AnyConnect profile from within the firewall (if we are running ASA code!). But for the FTD we need to take a step backwards and go back to using the ‘offline’ AnyConnect profile editor.

Solution

Firstly you need to download the offline profile editor; you will find it on the Cisco AnyConnect Mobility Client download page.

I won’t insult your intelligence; the setup is straightforward.

Launch the editor, and the screen you will see is exactly the same as you would normally see while using the profile editor in a Cisco ASA, (when launched from within the ASDM).

Note: I’m not going to go through all the settings, (this post would become immense!) Typically I allow remote (RDP) connections, and set the public FQDN for my AnyConnect profile.

Once you have finished, you can simply save the settings as an XML file.
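A quick review of the saved file before it is uploaded, as an added example that is not part of the original article: the PowerShell function below reads a profile XML and reports the two settings mentioned above. It assumes ‘allow remote (RDP) connections’ corresponds to the `WindowsVPNEstablishment` element and the FQDN to `HostAddress`; the function name, the sample profile and `vpn.example.com` are constructed.

```powershell
# Added example (not the article's code); function name and sample are constructed.
function Get-AnyConnectProfileSummary {
    param([Parameter(Mandatory)][string]$Path)

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    # Profiles declare a default XML namespace, so match on local-name().
    $text = {
        param($context, $xpath)
        $node = $context.SelectSingleNode($xpath)
        if ($null -ne $node) { $node.InnerText.Trim() }
    }
    $servers = foreach ($entry in $xml.SelectNodes("//*[local-name()='HostEntry']")) {
        $address = & $text $entry "*[local-name()='HostAddress']"
        $parsed  = $null
        [pscustomobject]@{
            HostName    = & $text $entry "*[local-name()='HostName']"
            HostAddress = $address
            # True when the entry is an IP address rather than the public FQDN.
            IsIpLiteral = [bool]$address -and [System.Net.IPAddress]::TryParse($address, [ref]$parsed)
        }
    }
    [pscustomobject]@{
        WindowsVPNEstablishment = & $text $xml "//*[local-name()='WindowsVPNEstablishment']"
        Servers                 = @($servers)
    }
}

# Constructed sample profile, trimmed to the elements the function reads.
$sample = Join-Path $env:TEMP 'anyconnect-sample-profile.xml'
@'
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>Head Office VPN</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

$summary = Get-AnyConnectProfileSummary -Path $sample
$summary.WindowsVPNEstablishment
$summary.Servers | Format-Table
```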

Import an AnyConnect ‘Profile XML File’ into Cisco ASA

As mentioned above, with all ‘modern’ versions of the ASDM/AnyConnect client you can create and edit an AnyConnect profile directly from within the ASDM. But (for completeness) here’s how to import one you created externally, (or exported from another firewall).

Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile > Import.

Import an AnyConnect ‘Profile XML File’ into Cisco FTD

Objects > AnyConnect Client Profiles > Create AnyConnect Client Profile > Give it a name > Upload.

Browse to, and select the previously created XML file > Open.

Then save and deploy the changes (this takes ages!).

You can now select this ‘profile file’ when setting up AnyConnect, or edit any existing AnyConnect Remote Access VPN configuration, and add this profile to it.

Related Articles, References, Credits, or External Links

Cisco Firepower 1010 Configuration

VMware Converter Slow!

KB ID 0001584

Problem

I was P2Ving a server for a client this week. I did a ‘trial run’ just to make sure everything would be OK, and got this;

Yes, that says 13 days and 29 minutes! Suddenly doing this at 1700hrs on a Friday became a moot point! (Note: I was using VMware vCenter Converter Standalone version 6.2)

Solution

At first I assumed this was a network problem, so I moved everything onto the same Gigabit switch, and made sure all the NICs were connected at 1Gbps. Still no improvement. I then shut down as many services on the source machine as I could, still it was terribly slow 🙁

Firstly, make sure Concurrent Tasks, and Connections per Task are set to ‘Maximum’.

Then locate the converter-worker.xml file and edit it.

Usually located at “C:\ProgramData\VMware\VMware vCenter Converter Standalone”

Note: ProgramData is, (by default) a hidden folder!

Locate the section, <useSsl>true</useSsl>, change it to <useSsl>false</useSsl> then save and exit the file.

Then restart the ‘VMware vCenter Converter Standalone Worker’ service.

Boom! That’s better.
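The edit above scripted in PowerShell, as an added example that is not from the original article: `Set-ConverterUseSsl` (a hypothetical name) backs up the file, changes every `<useSsl>` value and restarts the worker service. With `useSsl` set to `false` the conversion traffic is no longer SSL-protected, so the example also covers setting it back to `true` afterwards; it assumes the file sits directly in the folder named above and that the session is elevated.

```powershell
# Added example (not the article's code). Run from an elevated session.
# Assumption: converter-worker.xml sits directly in the folder the article names.
$ConfigPath  = 'C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml'
$ServiceName = 'VMware vCenter Converter Standalone Worker'   # display name from the article

function Set-ConverterUseSsl {
    param(
        [Parameter(Mandatory)][bool]$Enabled,
        [string]$Path = $ConfigPath
    )
    $wanted = $Enabled.ToString().ToLower()          # 'true' or 'false'
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true                  # keep the file's layout intact
    $xml.Load($Path)

    # local-name() keeps the match working whether or not a namespace is declared.
    $nodes = $xml.SelectNodes("//*[local-name()='useSsl']")
    if ($nodes.Count -eq 0) { throw "No <useSsl> element found in $Path" }

    $changed = $false
    foreach ($node in $nodes) {
        if ($node.InnerText.Trim() -ne $wanted) {
            $node.InnerText = $wanted
            $changed = $true
        }
    }
    if ($changed) {
        # Keep a timestamped copy of the original before overwriting it.
        Copy-Item -LiteralPath $Path -Destination "$Path.$(Get-Date -Format yyyyMMddHHmmss).bak"
        $xml.Save($Path)
        Get-Service -DisplayName $ServiceName | Restart-Service
    }
    return $changed
}

# Before the conversion:  Set-ConverterUseSsl -Enabled $false
# After the conversion:   Set-ConverterUseSsl -Enabled $true
```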

Related Articles, References, Credits, or External Links

NA

Deploy ODBC Settings via Group Policy

KB ID 0000805 

Problem

I’ve briefly mentioned this before when I wrote about Group Policy Preferences so when I had to do this on-site this week, I jumped straight into the group policy management console, and found that because my ODBC connection was using SQL authentication (with the SQL sa account), this would NOT WORK, (it only works with Windows authentication and even then it needs a tweak). If you are using SQL authentication jump down to the bottom of the article.

Solution

NOTE: Below I’m dealing with user DSN ODBC connections, so I’m looking at User Policies, if you want to send out Machine DSN ODBC connections then you need to be looking at Computer Policies.

Deploy ODBC Settings via Group Policy Preferences (Windows Authentication)

The GPP is pretty easy to locate; you will find it in:

User Configuration > Preferences > Control Panel Settings > Data Sources

OR

Computer Configuration > Preferences > Control Panel Settings > Data Sources

However, you will find there is a bug in the system which means it does not deploy.

ODBC Settings fail to Deploy via GPO

1. Locate the ODBC connection that you are trying to deploy > right click > Copy.

2. Right click your desktop and ‘paste’ > You will get an XML file > Open it with notepad > Delete the username and the cpassword information > Save the file.

3. Then delete the original ODBC file from your group policy.

4. Drag the XML file into the policy, in its place > Select ‘Yes’ to import it.

WARNING: Do not open its settings/properties from this point forward, or it will break again.
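Step 2 done with a script rather than Notepad, as an added example that is not from the original article. It reads ‘delete the username and the cpassword information’ as removing both attributes (an assumption), which also keeps a recoverable `cpassword` value (the issue addressed by MS14-025) out of the policy files; the function name and the sample file are constructed.

```powershell
# Added example (not the article's code); function name and sample are constructed.
# Assumption: "delete the username and the cpassword information" means removing
# both attributes wherever they appear in the exported XML.
function Remove-GppCredentialAttribute {
    param([Parameter(Mandatory)][string]$Path)

    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $xml  = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($file)

    # @() takes a snapshot so attributes can be removed while looping.
    $hits = @($xml.SelectNodes('//@*')) |
        Where-Object { $_.LocalName -in 'username', 'cpassword' }   # -in ignores case
    $report = foreach ($attr in $hits) {
        [pscustomobject]@{
            Element   = $attr.OwnerElement.get_LocalName()
            Attribute = $attr.LocalName
            HadValue  = [bool]$attr.Value
        }
        [void]$attr.OwnerElement.RemoveAttributeNode($attr)
    }
    if (@($hits).Count -gt 0) { $xml.Save($file) }
    $report
}

# Constructed sample standing in for the XML file pasted to the desktop.
$sample = Join-Path $env:TEMP 'odbc-gpp-sample.xml'
@'
<DataSources>
  <DataSource name="PayrollDB">
    <Properties action="U" userDSN="1" dsn="PayrollDB" driver="SQL Server"
                username="CONSTRUCTED-USER" cpassword="CONSTRUCTED-VALUE" />
  </DataSource>
</DataSources>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Remove-GppCredentialAttribute -Path $sample | Format-Table

# Re-check the saved file for leftovers before it goes back into the policy.
Select-String -LiteralPath $sample -Pattern 'cpassword|username' -Quiet
```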

Getting ODBC Settings from a Client’s Registry

1. You may wish to locate and extract the ODBC settings from a working client. You can locate the settings in a working client machine’s registry and simply export them, so you can import them on a target machine, or deploy them via GPP or logon script.

User DSNs
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSNs
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI

2. Simply right click the key that corresponds to the ‘name’ of the ODBC connector that you wish to export > Export > Save.

Deploy ODBC Settings via Group Policy Preferences (SQL Authentication)

In this example I’ve merged the ODBC connection details into the registry, you could just as easily set them up manually, as long as they exist, either on the machine you are creating the policy on, or another machine you have ‘remote registry’ rights to.

1. Create or edit a group policy and navigate to;

User Configuration > Preferences > Windows Settings > Registry > Collection

Select New > Registry Wizard.

2. Select where you want to collect the registry information from > Next.

3. Navigate to;

User DSNs
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSNs
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI

Select the ODBC name that corresponds to the one you want to collect, then select all the settings within that key > Finish.

4. The finished GPP should look like this > Close the policy editor.

 

Related Articles, References, Credits, or External Links

NA