Default VPN profile (multiple profiles)

Hi,
We have 2 VPN profiles on AnyConnect 3.1.
It seems that AnyConnect keeps the last used profile as the default profile (after a reboot, for example).
Is it possible to set a default VPN profile and keep it even if the user connects to the other one?
(because the default VPN profile is a transparent connection for the user)
Thanks for your help,
Patrick

Similar Messages

  • Anyconnect VPN-Authentication multiple profiles via ACS

    Hi,
    I'm currently facing the issue, that I need to migrate a customer VPN-structure from VPN-client to the new Anyconnect.
    There is an ASA5515 and they have ACS with local users and AD-Integration.
    The problem: The old system used different profiles with PSK, so every external partner who had a VPN connection got its own profile, which was secured by the IKEv1 PSK. The credentials for externals are saved locally on ACS. Also there is a profile for the normal employees, which authenticate via AD or RSA. The guys who implemented this did it the easy way, means when a user connects, the whole user-table is checked (AD, local, RSA). So if an external would have the .pcf from an internal user, it would be possible for him to connect to internal resources. There was no profile-to-usergroup binding.
    I should now implement a new ASA with Anyconnect and also keep up the different profiles. But in this case the problem is - there is no PSK any more. So if a smart guy changes the group in his XML-profile to e.g. "Internal", it would authenticate and grant access to all resources, since the internal pool isn't restricted by ACLs, but the externals are.
    I'm looking for a guide, how to set up different policies on the ACS, which look up the user only in the one group, depending on the profile he connected. As far as I understand, I must somehow define already on the FW which group or policy it should look up. How can I achieve this? 
    What do I need e.g. for 10 different profiles?
    - 10  groups on ACS?
    - 1 Access-Policy? (Network Access) -> with 10 different Authorization Policy rules? 
    - Anything else?
    Where do I define the policy to use in Anyconnect?
    Thanks in advance!
    BR

    I've done a similar deployment where all authentication/authorization and accounting was pointed from ASA to ACS.
    There are multiple layers to your question. 
    First of all, you have ACS, hopefully 5.x which gives you a nice policy driven authentication and authorization schema. 
    1st layer - set up group-alias and group-urls for specific users on ASA.
    2nd layer - ACS decides where those connections should be authenticated/authorized against (go to AD, RSA, local DB). ASA passes the tunnel group name in authentication calls to ACS.
    3rd layer - group-lock feature ensures that user can only have access to resources if they are in a specific group. 
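
The three layers from the answer above, sketched as an ASA configuration. This is an added example, not configuration from the original posters: the tunnel-group, group-policy, ACL and AAA server names, the URLs and the addresses are placeholders, and it assumes ACS returns the group policy name in the RADIUS Class attribute (25).

```text
! Constructed example: every name, URL and address below is a placeholder.
aaa-server ACS protocol radius
aaa-server ACS (inside) host 192.0.2.10
 key <shared-secret>
!
! Partner sessions are filtered; internal sessions are not (as in the question).
access-list ACL-PARTNER1 extended permit tcp any host 10.20.0.15 eq 443
!
! Layer 3: each group policy is locked to the single tunnel group it belongs to.
! If ACS assigns GP-PARTNER1 to a user who connected through INTERNAL,
! the group-lock value does not match and the ASA refuses the session.
group-policy GP-INTERNAL internal
group-policy GP-INTERNAL attributes
 vpn-tunnel-protocol ssl-client
 group-lock value INTERNAL
group-policy GP-PARTNER1 internal
group-policy GP-PARTNER1 attributes
 vpn-tunnel-protocol ssl-client
 vpn-filter value ACL-PARTNER1
 group-lock value PARTNER1
!
! Default for both tunnel groups: no access unless ACS names a policy.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Layer 1: one tunnel group per user population, reachable by alias or URL.
tunnel-group INTERNAL type remote-access
tunnel-group INTERNAL general-attributes
 authentication-server-group ACS
 default-group-policy GP-NOACCESS
tunnel-group INTERNAL webvpn-attributes
 group-alias Internal enable
 group-url https://vpn.example.com/internal enable
tunnel-group PARTNER1 type remote-access
tunnel-group PARTNER1 general-attributes
 authentication-server-group ACS
 default-group-policy GP-NOACCESS
tunnel-group PARTNER1 webvpn-attributes
 group-alias Partner1 enable
 group-url https://vpn.example.com/partner1 enable
!
! Show the group-alias names in the AnyConnect drop-down.
webvpn
 tunnel-group-list enable
!
! Layer 2 lives on ACS, not on the ASA: one access-policy rule per tunnel
! group name received from the ASA. Each rule selects the identity store
! (AD/RSA for INTERNAL, the local partner group for PARTNER1) and returns
! Class = "OU=GP-INTERNAL;" or "OU=GP-PARTNER1;" on success.
```

With this layout, editing the group in the client XML profile only changes which tunnel group the request arrives on; the ACS rule for that tunnel group still has to find the user, and the returned policy's group-lock still has to match.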

  • Org determination when user attached to multiple profiles in IC webclient

    Hi,
    I am having a problem with org determination in IC webclient when a particular user is attached to multiple profiles.
    The scenario is as follows:
    1. Log into IC webclient
    2. Identify and confirm an account
    3. Select and confirm an IBase
    The IBase here is basically used for partner determination.
    4. Go to the Service Ticket and enter your details and save it.
    The issue is as follows:
    When the user who is logged into the IC webclient is attached to a single profile then org determination happens correctly and the partner determination procedure is subsequently triggered to determine all the partners from the IBase.
    Now when the user is attached to multiple org units because of some business reasons then the org determination does not happen because the user is attached to multiple org units in the org structure and hence the subsequent partner determination is also not invoked.
    I am sure of one thing that if the org determination happens correctly then the partner determination will also happen correctly and all the partners from the IBase will be determined.
    My query:
    After the user has uniquely selected a profile indicating which org unit he wants to currently work with, how do I ensure that the org determination succeeds? In other words, how do I ensure that the org determination now occurs based on the profile selected in IC web client?
    Thanks and regards
    Murli Rao

    Hello Vin,
       I have created a new rule. This is a copy of rule 10000194.
      The problem I am faced with is that the function module mentioned in the rule is not invoked.
      My observations are as follows:
    1. In function module CRM_ORGMAN_DETERMINE_ORGOBJS there is a call which is as follows:
             CALL FUNCTION 'CRM_ORGMAN_FIELD_CATALOG_VALUE'             
               EXPORTING                                                
                 iv_ref_guid              = iv_ref_guid                 
                 iv_ref_kind              = iv_ref_kind                 
                 iv_scenario              = iv_scenario                 
                 iv_act_object            = iv_act_object               
                 is_reference_partner_wrk = is_reference_partner_wrk    
                 is_orgman_com            = is_orgman_com               
                 iv_container_mix         = iv_container_mix            
                 iv_bal_log               = iv_bal_log                  
               IMPORTING                                                
                 et_act_cont              = lt_act_cont                 
               EXCEPTIONS                                               
                 no_values_found          = 1                           
                 OTHERS                   = 2.                         
       Now the call above is used to get the container values which will be used during rule determination. I have not maintained any container objects in the rule itself. But since the rule is attached to an Organizational data profile the following are a part of the container:
    Sales Organisation, Distribution Channel, Division, Sales Office, Sales Group.
    Unfortunately there is no value determination available for these objects. Hence when the above function module returns, the variable lt_act_cont has 5 rows and the value of sy-subrc = 1 because there was no value determination.
    2. The same thing happens for the default rule 10000194. But the lines after the function module will tell us why for the standard rule the function module is called and not for my rule. The lines are as follows:
          IF ( sy-subrc = 0 ) OR ( lt_act_cont[] IS INITIAL ) OR      
             ( iv_act_object = 'AC10000194' ) OR                      
             ( iv_act_object = 'AC14000178' ).   
      As you see the rule has been hardcoded and hence everything seems to work fine.
      How can I overcome this issue?
    Thanks and regards,
    Murli Rao

  • Multiple profiles

    Is there a hit in performance with multiple profiles? Say 20 or 30 profiles. And if so, is it in application performance as in simple use or is it in render times when you are waiting for a project to render?
    Thanks.

    Hi Todd,
    Do you mean 20 or 30 User Accounts?
    Anyway, a general approach about Mac OS X memory management:
    When a task is running, it uses as much memory (+ virtual memory) as it can find left. Other running tasks share the memory at the same time, but they will "give away" some or all memory they are using (thus slow down), in favor of the main task.
    This is roughly, not exactly detailed of course, how it works, no matter if the "secondary" tasks are being run by the same User, by another (others) User(s), or by the System (although system tasks usually don't give away much of their default memory...).
    To observe all this very clever and efficient Mac OS X behaviour, use Activity Monitor: Watch "All Processes", you'll see how some are slowing down when others need more juice.
    Of course if other User Accounts or apps are simply logged out or closed, they simply don't have any performance influence.
    In a word
    (concerning User Accounts):
    As long as you don't run many tasks at the same time, there will be no performance hit for the one application you are running.
    Of course if you are talking about more tasks to be run within the same application, certainly the application will not run as smoothly, quickly, as if it was doing only one simple task.
    I hope this helps, or did I misunderstand your question completely?
    Axl

  • Multiple profile help needed

    I work for a company that requires me to connect to several customer Cisco VPNs via AnyConnect 3.0.5075. 
    Each customer site has provided its own URL and certificate, etc.
    How do I get Cisco AnyConnect Secure Mobility Client version 3.0.5075 to agree to multiple profiles?
    I also would love some advice on how to add certificates to the tool without the "double click the certificate" route. My laptop has an encrypted hard drive and when I try and "double click" the Cisco certificates the hard-drive encryption tool believes I am trying to add a certificate to it instead of to the Cisco VPN tool.
    AnyConnect does not appear to have any editable/configurable settings for multiple profiles or to directly add a certificate.
    I have googled furiously to no avail.
    Any help available here?  Even just to give me some bumps in the right direction?
    Thanks in advance.
    -Jim

    Hi Jim,
    You can have multiple profiles bound to different certificates.
    For example:
    crypto ca certificate map mymap 1
    subject-name attr cn eq Joe Smith
    crypto ca certificate map mymap 2
    issuer-name co SubCA1
    crypto ca certificate map mymap 25
    alt-subject-name eq [email protected]
    subject-name attr ou co Sales
    crypto ca certificate map mymap 65535
    subject-name ne ""
    SSL certificate mapping applies to both clientless WebVPN and AnyConnect connections where certificates are used. The certificate-group-map entries are processed in the order they are entered and appear above until a match is found. They do not need to be in numerical order.
    webvpn
    certificate-group-map mymap 1 Tunnel-group1
    certificate-group-map mymap 2 Tunnel-group2
    certificate-group-map mymap 25 Tunnel-group3
    certificate-group-map mymap 65535 Tunnel-Group4
    The certificate selection can be done automatically by enabling the automatic certificate selection in the XML profile
    Hope this helps you.
    Thanks
    Raj

  • AnyConnect Secure Mobility Client Multiple Profiles

    Hi,
    I have multiple clients that use multiple versions of VPNs including Cisco, Sonicwall and others.
    I have a client with the (older) "Cisco Systems VPN Client".  Then I got a new client with instructions to install the "Cisco AnyConnect Secure Mobility Client".  Without warning, the installation uninstalled what I now believe was an older version of this same VPN client - but the name has changed, the installation directories have changed, etc.
    OK, but the new client wiped out the connection parameters to the old client.
    I've tried to read and understand the other discussion entries about storing multiple "profiles" (i.e. vpn connections).  Other VPN clients have a menu option or a simple way to add a connection, but it seems more challenging to do this with the AnyConnect client.  However, I read, and tried to set up, multiple profiles.  From the other discussions, I followed these steps:
    1. Located the (hidden in Windows 7) following directory:
         %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
    2.  Created two xml files, "Client1.xml" and "Client2.xml", in this directory, containing
    <?xml version="1.0" encoding="UTF-8"?>
    <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
      <ServerList>
        <HostEntry>
          <HostName>Client1HostName</HostName>
          <HostAddress>Client1HostaddressDNS</HostAddress>
          <PrimaryProtocol>IPsec</PrimaryProtocol>
        </HostEntry>
      </ServerList>
    </AnyConnectProfile>
    {And a similar file for Client2}
    There was another discussion thread that had more lines in the xml file, which I also tried.  Again, I created 2 separate xml files, each one with the respective client's parameters.
    <?xml version="1.0" encoding="UTF-8"?>
    <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
    <ServerList>
         <HostEntry>
              <User>navadmin</User>
              <SecondUser></SecondUser>
              <ClientCertificateThumbprint></ClientCertificateThumbprint>
              <ServerCertificateThumbprint></ServerCertificateThumbprint>
              <HostName>Client1</HostName>
              <HostAddress>Client1DNS</HostAddress>
              <Domain></Domain>
              <Group>ssl_url</Group>
              <ProxyHost></ProxyHost>
              <ProxyPort></ProxyPort>
              <SDITokenType>none</SDITokenType>
              <ControllablePreferences>
              <LocalLanAccess>true</LocalLanAccess></ControllablePreferences>
         </HostEntry>
    </ServerList>
    </AnyConnectProfile>
    I then quit the AnyConnect Secure Mobility Client and restarted, hoping that I would get a dropdown list that contained "Client1" and "Client2".  This did not happen.
    Prior to trying this, I did NOT delete the "Preferences.xml" file in the following directory:
    C:\users\<myusername>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client
    This is where the Anyconnect client stored the connection info when I manually input it into the GUI.
    So, my questions are:
    1.     Do I need to delete the preferences.xml in order for the profiles in the other directory to be read and displayed in the client dropdown?
    2.     Are there naming conventions for the profile xml files that I'm not following by calling them "Client1.xml" and "Client2.xml"?
    3.     Any other ideas as to why this isn't working?
    4.     There are also references to a "profile editor", but the discussion threads aren't clear whether this utility is installed when you just install the client software, or if you have to have some sort of "administrator package" installed.  If so, is this package available for download, or do you need to purchase a full VPN client license in order to have access to this utility?
    Thanks,
    Ron

    The Client1.xml and Client2.xml files that you created have correct content but wrong names. You only need 1 file called Profile.xml and inside you can then add multiple hosts by adding the nodes.
    So your Profile.xml would look like this -
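    <?xml version="1.0" encoding="UTF-8"?>
    <AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
      <ServerList>
        <HostEntry>
          <HostName>Client1HostName</HostName>
          <HostAddress>Client1HostaddressDNS</HostAddress>
          <PrimaryProtocol>IPsec</PrimaryProtocol>
        </HostEntry>
        <HostEntry>
          <HostName>Client2HostName</HostName>
          <HostAddress>Client2HostaddressDNS</HostAddress>
          <PrimaryProtocol>IPsec</PrimaryProtocol>
        </HostEntry>
      </ServerList>
    </AnyConnectProfile>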
    I hope this helps.
    Ratan.

  • Multiple profiles with different cache settings

    I want to have multiple profiles with different settings for the cache. I'll call them ProfileOne and ProfileTwo for simplicity's sake. ProfileOne I want to clear its cache on exiting Firefox and on ProfileTwo have it retain its own cache. I have already setup both profiles and configured them accordingly with ProfileOne's privacy settings for Clear History > Cache checked so it clears on exit and ProfileTwo is not set to clear anything on exiting.
    The main issue is that after doing something with ProfileTwo then switching to ProfileOne, upon exiting ProfileOne it also deletes ProfileTwo's cache. I have tried using the profile manager to create the profile in a different location than default to no avail. Is there any way to set it so ProfileOne's cache can still be cleared on exit without affecting ProfileTwo's cache?

    After checking a few different options, it looks like the add-on Better Privacy provides the options I need for LSO management and does separate HTML cookies from Flash cookies nicely and lets me save specific site's LSOs. Thanks for the assistance!

  • Multiple profiles/users on the same device

    Hi there,
    I know that iOS is a single user environment.
    But, I am currently working in an enterprise environment and I was wondering if it was possible to have several profiles on the same device, maybe using certificates or so?
    Thanks for your help
    Cheers,
    Pierre.

    It would seem that unlike previous iOS devices the iPad and possibly AppleTV call for the ability to enable multiple profiles/users on the same device.
    I would suggest that if this capability is not on the roadmap for iOS by now then there is at least one place where alternatives to the iPad will have a major advantage.
    The thought that I would have to buy multiple iPads, one for myself, my wife and my child, because of a software constraint is untenable from an ecological standpoint (all these devices end up as landfill) let alone the economic one.
    Also as I use the iPad I see its potential to become as important a computing platform to me as my laptop, eventually surpassing it. In this light I can't see how it could remain just a personal device.

  • Can't open multiple profiles at the same time on Outlook.

    So I have done some research and found that you can use command line switches to open different profiles in Outlook.
    e.g. "C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE" /profiles "ProfileName"
    What I want to do is open two different profiles at the same time. So I already have one profile open, I use the method above, however it simply opens a copy of the profile I already have open rather than the one I defined in the command line switch?
    I know it works because if I don't have a profile open it opens the profile I specify. Is this by design? If so what is the point in having a profile switch? If someone could help me get this working it would be great.
    Thanks in advance.

    Hi Eric,
    Thanks for confirming this. We already have all the mailboxes that she wants on her main profile. The problem is that Outlook can't handle processing all of these at the same time and continuously crashes and hangs. As I said previously the .ost for her profile was 16GB, I have managed to reduce to 9GB but Microsoft themselves say that anything above 5GB needs extra hardware power for a good user experience.
    http://support.microsoft.com/kb/2695805/en-gb
    Up to 5 gigabytes (GB): This file size should provide a good user experience on most hardware.
    Between 5 and 10 GB: This file size is typically hardware dependent. Therefore, if you have a fast hard disk and lots of RAM, your experience will be better. However, slower hard disk drives, such as drives that are typically found on portable computers or early-generation solid-state drives (SSDs), experience some application pauses when the drives respond.
    More than 10 GB: When the .ost file reaches this size, short pauses begin to occur on most hardware.
    Very large (25 GB or larger): An .ost file of this size increases the frequency of short pauses, especially while you are downloading new email messages. However, you can use Send/Receive groups to manually sync your mail. For more information about Send/Receive groups, see the "Are you synchronizing many RSS feeds?" section.
    I find it surprising that you can't have multiple profiles with different mailboxes when you consider you can only have an .ost up to 5GB to have a good user experience. Maybe this is something the developers can put into the next version of Outlook? Or release as a patch?

  • I have multiple profiles and want to go back to a single profile without losing data or programs that are not shared

    Hi
    I need help
    My partner has set up multiple profiles on the iMac and has not done the sharing of files and software correctly.  Therefore we have some programs that do not operate in all profiles.  I want to go back to a single profile but need to be sure I am not going to lose any data or programs in the process. 
    Can any one give me a step by step guide - I am not mac savvy.
    Thanks in advance

    Hello!
    I recently just downloaded the 'Waze' app as a backup for my Garmin. I've read a few reviews that seem to rant and rave about how good the GPS app is. It is community driven and maps are constantly being updated by users. Plus it has a few other fun stuff in it (something similar to Gasbuddy where you can owe prices on the map). But like the person above me said, there is lots of useful free GPS apps in the App Store.
    Oh and I may be wrong but I remember reading an article about Google being slower about updating its maps system--ie no turn by turn voice, which many people have had complaints about.
    Happy Searching!
    Ps - if you switch I wouldn't go to Blackberry.

  • When trying to start Firefox I keep getting message saying "A copy of Firefox is already open. Only one copy of Firefox can be open at a time." I've started a new Profile but Profile Manager keeps telling me the Default one is still in use.

    When trying to start Firefox again I got a message saying "Close Firefox. A copy of Firefox is already open. Only one copy of Firefox can be open at a time." This question is addressed in Mozillazine but nothing I've tried from there seems to work. I started a new Profile from the Profile Manager which at least gets me up and functioning, but weirdly enough the Manager also tells me the old (Default) profile is still running, though I can't find a way to close it. I also can't find the Default profile in my profile manager. can anyone help?
    == This happened ==
    Just once or twice
    == i thought I'd exited Firefox and was going in again.

    Had this problem on my MacBook after I deleted my profile (the profile folder is named something like asd8f7as.default). The solution for me was to open profiles.ini and delete the information about the profile I had deleted. It should look something like this:
    [Profile0]
    Name=default
    IsRelative=1
    Path=Profiles/2xr4hi1g.default
    Delete, save, problem solved.

  • Using the multiple profiles and running more than one instance of Fire fox at atim

    I use F/F in a gaming situation I needed to be able to run more than one session at a time and read about a feature called multiple profiles. Then I read in another forum that I could have multiple instances with the following bat file :
    @echo off
    set MOZ_NO_REMOTE=1
    start "" "C:\Documents and Settings\Hilton Wiggins\My Documents\Fire Fox non Beta\firefox.exe" -p-no-remote
    set MOZ_NO_REMOTE=0
    I also have the Beta 4.06 on my machine and even though the batch file directs it to either the Beta or the Non Beta they both seem to track the profiles and can be used in either version.
    However it's not working as I described: running two browsers with Greasemonkey, it will start to mishandle data and they both lock up.

    There is no need to set MOZ_NO_REMOTE, remove that part of the bat file. Change the start line to:
    start "" "C:\Documents and Settings\Hilton Wiggins\My Documents\Fire Fox non Beta\firefox.exe" -no-remote -p "profile name"

  • Installing CRM Online for Outlook with multiple profiles

    For a number of reasons I have had to create multiple profiles in Outlook. I also have a Microsoft CRM account. Up to this point I have been able to successfully install and use CRM for Outlook on my previous profiles. However, when the last profile was created the CRM for Outlook functionality did not install. / transfer. I have tried uninstalling the CRM for Outlook and reinstalling. No luck it only crashed an old profile which appears now to be inoperable. It is essential that I get the latest Profile working the CRM for Outlook. Any suggestions?

    Hi,
    As per the description, I understand that it's an issue about CRM Online for Outlook.
    This is the forum to discuss questions and feedback for Microsoft Office client. To get better assistance, I would suggest you to post in Microsoft Dynamics CRM Forum, where you can get more experienced responses:
    https://community.dynamics.com/crm/f/117.aspx
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Regards,
    Ethan Hua
    TechNet Community Support
    It's recommended to download and install Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office programs.

  • Enable multiple profiles for data entry profile in HRESS_A_CATS_1

    Hi,
    We are trying to migrate from JAVA web dynpro to abap web dynpro.
    Can anyone tell me how to activate multiple profiles in cats record & release application?
    I created one custom application configuration for hress_a_cats_1 from hress_ac_cats_1 and toggled on the multiple profiles field. But, when I test the configuration hresss_ac_cats_1 it still calls the standard config but not my custom config.
    I have even assigned this custom config but it does not call. What else do I need to do?

    Harsha i have this problem in ABAP Stack so no iviews. Thanks though.
    Teja,
    Thanks for the answer.
    What I did exactly is went to T-code: lpd_cust where we maintain all the applications.
    Open the Role: ESS and Instance MENU.
    Drilled down to : Employee Self Service-> Working Time-> Time Recording-> Record Working Time
    Click on Advanced parameters
    Change the configuration name to custom name from standard.

  • Single network connection using multiple profiles

    Apologies if this has already been asked - I have searched!
    Is there a way of setting up netcfg - or a wrapper script - so that it tries multiple profiles  but then stops when it finds one that works?  These profiles might be a mix of wired or wireless - so simply using net-auto-* doesn't look like a solution (unless I'm misunderstanding them?).
    My laptop often lives in my office where it is connected to a wired connection.  But, being a laptop, it is sometimes moved and will need, in most cases, to connect to a wireless connection.
    I'd like the system, during boot, to try profiles in a given order and stop when one connects - is this possible?

    Sounds like what netcfg normally does if you enable the service? Or net-profiles as the initscript was called. (This is based on documentation, never used this myself.)
    https://wiki.archlinux.org/index.php/Ne … t-Profiles
    Edit: I run net-auto-wired and -wireless with POST_UP and PRE_DOWN commands to stop net-auto-wired when a cable is plugged in and restart it when the cable is removed. Seemed to work pretty well, but I think I've never actually used a wired connection since I set that up...
    Last edited by Raynman (2012-11-21 16:47:30)
