- Jamf Nation Community
- Products
- Jamf Pro
- Re: VPN host address - cisco any connect
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2024 12:26 PM
Hi ,
We have recently updated our VPN and would like to update our host address for all macbook across the company through JAMF. I know we can package the profile.xml with cisco any connect installer and assign the profile to everyone but we dont want to go that path.
Is there a way we can update the host address on all cisco any connect instances for all users much simpler way via jamf ?
Thanks,
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-07-2024 09:45 AM
One option to create a deployable package with just the XML profile would be to leverage Jamf Composer on a Mac that has the new/proper XML file on it. Drag that file (from it's proper location at /opt/cisco/anyconnect/profiles/) onto the Composer window to add the file at the proper folder location. Ensure permissions are set properly (root:wheel 644) and then create the .pkg file. Upload to Jamf and deploy via policy. If the new XML file and the old one have the same name, it'll overwrite the old one. Users will need to quit/relaunch Cisco or reboot their Mac for the change to be picked-up.
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2024 01:55 PM
If you're leveraging Cisco today, all you would need to do is replace the AnyConnect xml profile with the new version and either quit/relaunch Cisco, or tell your users to restart (I've usually gone the latter route). No need to re-deploy the AnyConnect software itself. Package and deploy the new XML file in /opt/cisco/anyconnect/profile/ and you should be set! Just be sure to replace the existing file or delete the old one – cisco doesn't like having multiple profiles there.
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2024 02:05 PM
Thanks @cdev for sharing this. I would greatly appreciate if you can please ellaborate the steps involved in packaging the file and deploying through jamf to replace the xml file .
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-05-2024 06:07 PM
@ITTN you could also use a script vs a package to deploy the new xml profile.
#!/bin/bash
profilePath="/opt/cisco/anyconnect/profile/profilename.xml"
cat > "$profilePath" << EOF
## PUT YOUR XML INFO HERE ##
EOF
/bin/chmod 775 "$profilePath"
/usr/sbin/chown root:wheel "$profilePath"
exit 0
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2024 09:19 AM
Hi @jhbush
I have run the below script but no luck, as the logs says its successfully ran.. can you please identify whats missing, sorry newbie to jamf and scripting
#!/bin/bash
profilePath="/opt/cisco/anyconnect/profile/xyz.xml"
cat > "$profilePath" << EOF
"/Users/xyz/Desktop/anyconnect_profile.xml"
EOF
/bin/chmod 775 "$profilePath"
/usr/sbin/chown root:wheel "$profilePath"
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-06-2024 09:02 PM
#!/bin/bash
profilePath="/opt/cisco/anyconnect/profile/profilename.xml"
#Delete the XML below and replace with your xml profile text.
cat > "$profilePath" << EOF
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
<ServerList>
<HostEntry>
<User>username</User>
<HostName>host alias name</HostName>
<HostAddress>host address of vpn</HostAddress>
</HostEntry>
</ServerList>
</AnyConnectProfile>
EOF
/bin/chmod 775 "$profilePath"
/usr/sbin/chown root:wheel "$profilePath"
exit 0
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-07-2024 08:54 AM
@jhbush firstly i really appreciate you on helping me out on this, so this is working partially for all the new machines that are running cisco any connect for the first time but its not replacing the existing profile.xml with this one, like i scoped it to my laptop and it didn't work
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 02-07-2024 09:45 AM
One option to create a deployable package with just the XML profile would be to leverage Jamf Composer on a Mac that has the new/proper XML file on it. Drag that file (from it's proper location at /opt/cisco/anyconnect/profiles/) onto the Composer window to add the file at the proper folder location. Ensure permissions are set properly (root:wheel 644) and then create the .pkg file. Upload to Jamf and deploy via policy. If the new XML file and the old one have the same name, it'll overwrite the old one. Users will need to quit/relaunch Cisco or reboot their Mac for the change to be picked-up.
