Imaging With Cisco Anyconnect


I have been able to setup a 2 pkg policy with the vpn.pkg, and the vpn profile pkg (made with composer), which installs cleanly via the every15/once per machine policy.

When imaging time comes, I have tried both installing initially during the block copy, as well as post install. I also set the priority level of vpn.pkg lower than the vpn profile, but the install never takes place.

For now I can get by using a policy, but I was wondering if anyone had any tips.


New Contributor III

I'm using the AnyConnect client, but we've moved to a Thin image system, and now users have the ability to install AnyConnect via Self Service. Works great for us, and it simplifies the imaging process all the way around.

I did notice that there were some issues with certificates for our implementation when included during imaging however.

Valued Contributor

we've got anyconnect in our image- cisco pkg for the installer, and a composer DMG for our profile.
I've not had any problems with the installation during imaging- we run ours at first boot, though. Is that what you meant by running the installer post install?
If you haven't tried running them at first boot instead of on the initial pass, try that.

Contributor III

I'm deploying the full AnyConnect suite (VPN+DART+WebSecurity+Posture) + region specific profiles at imaging time via a policy called by a script (has logic to limit to laptops). I also have multiple versions of AC installers and dev profiles available in Self Service for select users. The best advise I can offer is be sure to blow away any older versions before upgrading (/opt/cisco) and be aware of the ~.anyconnect file, which holds the users default connection. If you are leveraging the Web Security module, you can pre-load /opt/cisco/anyconnect/websecurity/WebSecurity_ServiceProfiles.wso in addition to the usual profile files to avoid AC complaining about not having a valid license.

New Contributor III

What version of AnyConnect are you installing? When you say that the installer doesn't take you see any errors in the install log or does it look fine...but nothing actually gets installed on the system?

We're on AC 2.5.3055, I have one .dmg installer (snapshot with Composer) that installs everything (agent, profile, etc.) and works great via policy and during imaging. During imaging it gets installed prior to first boot along with everything else...and works with both my Thin and Modular imaging workflows.

Hope this helps!