Using ASA as an Anyconnect profile deployment tool

I have a requirement to use an ASR router as a IKEv2 headend for Anyconnect clients.  For ease of deployment, I want to use the ASA firewall to enable users (multiple OS - Win/Mac/Linux) to download their respective Anyconnect clients as well as the profile needed to connect to the ASR.  Note that the ASA is only used for AC and AC profile downloads, it takes no part in any VPN termination.  Users will just point their browser to the ASA firewall web page and download both the AC client and the profile, then they will launch the AC and connect to the ASR router. 
My question is, can this be done? 
Thank you!

Yes, I want to deploy the software independant of any ASA VPN connection.  From the Admin guide:
When deployed from the ASA, remote users make an initial SSL connection to the ASA. In their browser, they enter the IP address or DNS name of an ASA configured to accept clientless SSL VPN connections. The ASA presents a login screen in the browser window, and if the user satisfies the login and authentication, downloads the client that matches their computer's operating system. After downloading, the client installs and configures itself and establishes an IPsec (IKEv2) or SSL connection to the ASA.
On the last sentence, I need the client to establish an IPSEC connection to the ASR, not the ASA.  Just wanted to confirm that this can be done. 
Thank you

Similar Messages

  • Using LabVIEW Packed Library within TestStand Deployment Tool

    I am wondering what could be the interest of generating Packed Library within the TestStand Deployment Tool since the sequences using these VIs will not be able to find the dependant VIs included into the build Packed Library on the deployment target.
    Any experience using Packed Library within TestStand Deployment Tool ?
    Jean-Louis SCHRICKE
    ├ CTA - Certified TestStand Architect (2008 & 2010 & 2014)
    ├ CTD - Certified TestStand Developer (2004 & 2007)
    └ CLD - Certified LabVIEW Developer (2003 & 2005)

    Jiggawax,
    Sorry for the confusion,
    My question concerns the developement of Custom Step Types.
    For example, within a project or as an independant product.
    The best practices is to avoid using main module when developing CST in order to preserve evolutivity (main module calling paramters are copied within CST instances and could need prototype updating). I prefer using PostStep (as NI does for its own CST).
    Thus, when creating the CST palette, I have to configure the EditStep and the PostStep and define each VI call.
    If I want to distribute these VIs through a .lvlibp, then I need to build a .lvlibp very early and use it within my CST palette.
    This .lvlibp will be used on deployed benches and may not contain VI diagrams and debug options (best performance).
    But during the development of my CSTs, if I need to debug the VIs called when using CST whitin a sequence, and if I don't want to change the called VIs defined in my CST palette, then I need to regenerate this .lvlibp with debug option (different from the deployment .lvlibp) in order to allow debug.
    May be it could be interesting that the TestStand deployment tool take into account SubSteps when selecting the Packed Library option. This tool is able to modify sequences, it could be able to change also palette configuration file.
    This will allow to have only two levels :
     > Source and Debug (VIs)
     > Deployment (.lvlibp)
    instead of three :
     > Source (VIs)
     > Debug (.lvlibp with debug option)
     > Deployment (.lvlibp)
    Jean-Louis SCHRICKE
    ├ CTA - Certified TestStand Architect (2008 & 2010 & 2014)
    ├ CTD - Certified TestStand Developer (2004 & 2007)
    └ CLD - Certified LabVIEW Developer (2003 & 2005)

  • Do I have to use deployment tool to build my ear/jar/war ?

    Hi !
    I have a ear application, which is developed in JBOSS+Tomcat.
    I want to port this into iPlanet sp3 test drive. Do I have to use the
    deployment tool to generate the uid and isa xml files ?
    Can I edit it manually ? cause I have problem to resolve my almost 100
    jsp/html/img files. And even if I do, it always tells me "missing xml
    files".
    Thanks,
    H.H.

    Hi,
    If you are good at XML then please go ahead and build the required XML
    files. If not, it's always better to use the deployment tool bundled with
    iAS or use Forte For Java 3 Enterprise Edition to deploy the application.
    Please do not use JDK other than the one provided with iAS as it may not
    produce the correct results. However you can use JDK 1.3 to build your
    application but your app server doesn't run on JDK 1.3. Again, some of the
    functions may run and there is no guarantee to work, the tech support may
    refuse to support on your application if you use JDK 1.3. Hope this helps.
    Regards
    Raj
    I will try again, and do you have any suggestions for the "missing xml
    files" ?
    Also I rememeber seeing one of your post somewhere metioned that ias
    doesn't
    work with jdk1.3 ?
    do you have any suggestions if we are using some 1.3 functions such as
    TimerTask ?
    Thanks
    Brandon wrote:
    Hi !
    I have a ear application, which is developed in JBOSS+Tomcat.
    I want to port this into iPlanet sp3 test drive. Do I have to use the
    deployment tool to generate the uid and isa xml files ?
    Can I edit it manually ? cause I have problem to resolve my almost 100
    jsp/html/img files. And even if I do, it always tells me "missing xml
    files".
    Thanks,
    H.H.

  • Trouble deploying a J2EE application using the J2EE 6.20 Deploy Tool

    I am having trouble deploying a J2EE application using the J2EE 6.20 Deploy Tool.
    I successfully create the WAR/EAR files, I then select deploy and the deploy process gets to 100% before displaying an error message.
    Can anybody help?
    Please see Deploy Tool log entry:
    01:39 -  **********************************************************
    05/01/17 10:19:16 -  Applying user role management mappings.
    05/01/17 10:19:16 -  Start updating EAR-file...D:\SAP_J2EEngine6.20_Cluster\deploying\carmodeller\carmodeller.ear
    05/01/17 10:19:27 -  Temp files deleted...
    05/01/17 10:19:27 -  Ear-file updated successfully for 11375ms.
    05/01/17 10:19:27 -  Start deploying ...
    05/01/17 10:20:15 -  Ear-file uploaded to server for 47297ms.
    05/01/17 10:21:47 -  ERROR: ID90506: NOT Deployed. ERROR returned from deploy service :
                         com.inqmy.services.deploy.container.DeploymentException: Can't init application carmodeller. com.inqmy.services.servlets_jsp.server.WebApplicationException: ID17110: Error in starting application carmodeller.java.lang.NullPointerException
                              at com.inqmy.services.servlets_jsp.server.ServletsAndJspImpl.deploy(ServletsAndJspImpl.java:482)
                              at com.inqmy.services.servlets_jsp.server.WebContainer.commitDeploy(WebContainer.java:256)
                              at com.inqmy.services.deploy.server.DeployServiceImpl.commit(DeployServiceImpl.java:2848)
                              at com.inqmy.services.deploy.server.DeployServiceImpl.deploy1(DeployServiceImpl.java:512)
                              at com.inqmy.services.deploy.server.DeployServiceImpl.deploy(DeployServiceImpl.java:140)
                              at com.inqmy.services.deploy.server.DeployServiceImplp4_Skel.dispatch(DeployServiceImplp4_Skel.java:184)
                              at com.inqmy.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:157)
                              at com.inqmy.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:108)
                              at com.inqmy.core.service.context.container.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:36)
                              at com.inqmy.core.cluster.impl5.ParserRunner.run(ParserRunner.java:55)
                              at com.inqmy.core.thread.impl0.ActionObject.run(ActionObject.java:46)
                              at java.security.AccessController.doPrivileged(Native Method)
                              at com.inqmy.core.thread.impl0.SingleThread.run(SingleThread.java:153)
    05/01/17 10:21:47 -  **********************************************************

    Hi, it looks like the app has trouble starting up:
    05/01/17 10:21:47 - ERROR: ID90506: NOT Deployed. ERROR returned from deploy service :
    com.inqmy.services.deploy.container.DeploymentException: Can't init application carmodeller. com.inqmy.services.servlets_jsp.server.WebApplicationException: ID17110: Error in starting application carmodeller.java.lang.NullPointerException
    Did you have any errors on the compile of the code?
    You also want to check if the app is deployed (if so you may want to remove it before re-deploying it)

  • Using Sun Appserver 7 deploy tool to package 2 ejbs and their clients

    I have a question on how to package two beans into one distributable jar file and also provide the two associated test clients - each in its own jar file. Any help or suggestions would be very much appreciated. This is what I'm trying to do:
    I am using the deploy tool that is packaged with Sun One Application Server 8.2. I currently have two stateless session beans deployed to a J2EE 1.4 Sun One Application Server and a test application client for each bean. For each bean, I created a j2ee application (ear) file and packaged the EJB JAR file containing the bean's classes and deployment descriptor, and an application client. I followed the steps as outlined in Sun�s ConverterApp example in their j2ee tutorial. (The example is from chapter 24 in the j2eetutorial14 � example ejb/converter) Upon deploying, the tool returns a client jar file that you can then use to call the bean. I have been able to successfully execute both beans in this manner.
    Now, for distribution, I need to package both of the beans in one jar file and also provide a separate jar file for each test client, but I don�t see how to use the deploy utility to do this. Can anyone suggest what would be the best (fastest) way to do this? Any help would be very much appreciated. Thanks.

    The code and ejb-jar.xml look ok to me. Try checking the server.log to see if there were any deployment errors.
    What exact class is the lookup code from your note defined in, com.sun.some.someEJB?
    --ken                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • Deploy ejbs without using deployment tool in J2EE server

    Hi,
    IS there any way to deploy ejbs in J2EE without using the deployment tool? I am using the j2ee 1.2.1.
    Thanks,
    Nipa

    When I was in my companies Java Boot Camp (6 week fulltime training in Java technologies) the class was split about 75/25 with 75% of the class using a deployment tool (I think it was WebGain). The other 25% did not use a deployment tool. I was one of the 25%.
    What we did was write a Perl script that took care of all the necessary deployment steps. It has been awhile, and I no longer work for that company, but I'll try and dig up some of those scripts. (Can't promise I'll find them!)
    BTW, the 25% group deployed more EJBs with less problems than those using the deployment tool...

  • Steps to deploy Lync for users who own Office 365 E1/E2 licenses, but don't have Office 365 E3, using Office Deployment tool.

    After many hours of debugging with Microsoft support the system to install the Lync Client silently can be done with a SINGLE LINE command.  The steps to take are below. It should be an easy next step to put this as GPO installation since
    it is a simple command.
    Comments appreciated. 
    side question: Why is there no Lync 2013 or Lync Office 365 forum?
    Basic steps to deploy Lync for users who own Office 365 E2 licenses, but don’t have Office 365 E3, using Office Deployment tool.
    This also applies for other Office 365 service types where the full office suite download is not included.  In April 2015 This was impossible to find online and not know by the Lync support team.
    Steps are:
    Download the Office deployment tool from
    http://www.microsoft.com/en-in/download/details.aspx?id=36778 and extract it to a folder. For this
    example we will use the \\server\sharename
    location.
    Extracting it creates a setup.exe file and it show a sample XML file.
    2. Create XML file and give it a name such as LyncEntryRetail.xml
    Note: The key is the productID that has to be the “LyncEntryRetail”. Other product IDs will download a version that needs another office 365 license. The productID “LyncRetail” needs an E3 license of Office 365.
    <Configuration>
      <Add SourcePath="\\server\sharename" OfficeClientEdition="32" >
        <Product ID="LyncEntryRetail">
          <Language ID="en-us" />
        </Product>
      </Add> 
    </Configuration>
    3. From the folder where you extracted the Office deployment tool, run the following command on the command prompt to download the source files and store them on the shared drive:
     (on single line)
    Setup.exe /download LyncEntryRetail.xml  
    (This is the name of the XML file created above)
    One can also run the same on a server share by using UNC path names such as  (on single line)
    \\servername\sharename\Setup.exe /download
    \\servername\sharename\LyncEntryRetail.xml  
    (This is the name of the XML file created above)
    4. Run the following command on the command prompt on a machine where you want to install the software: (on single line)
    \\servername\sharename\Setup.exe /configure
    \\servername\sharename\LyncEntryRetail.xml  
    (This is the name of the XML file created above)
    Once you are comfortable that it all works, you may want to edit the XML file if you want to have silent installation and add the following lines.
      <Display Level="None" AcceptEULA="TRUE" /> 
      <Property Name="AUTOACTIVATE" Value="1" /> 
    Regards
    Bart
    Bart Louwagie

    Hi Chudly,
    For the office365 issue, I also recommend you can post in dedicated forum for more efficient support:
    http://community.office365.com/en-us/f/166.aspx
    If you want to modify the powershell script, please post the current script and the issue, we will notice and continue to follow up.
    If there is anything else regarding this issue, please feel free to post back.
    If you have any feedback on our support, please click here.
    Best Regards,
    Anna Wang
    TechNet Community Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Error / fails to connect Oracle data source using deploy tool

    Hi,
    I want to deploy SAP AS on my company's J2EE application. I deployed the application using Deploy Tool successfully. The application is started without error.
    When I tried connecting the log on page.  I got error in LogViewer:
    Error while accessing porting layer for ORACLE database via getDatabaseHost().
    Relatives : com.sap.sql.jdbc.direct.DirectConnectionFactory
    Resource Bundlename : com.sap.sql.log.OpenSQLResourceBundle
    Source : /System/Database/sql/jdbc/direct
    Argument Objs : ORACLE,getDatabaseHost(),
    Where to look for debugging errors?
    -- Joe

    Hi Markus,
    I changed to Vendor SQL and set Initial Connection to 1.
    On Monitor tab, I see a green line running across the screen. 
    I believe this proves that the connection has been established.
    Thanks a lot!
    -- Joe

  • AnyConnect using ASA for product evaluation

    Hello Security folks,
    I am evaluating Cisco Anyconnect VPN solution using ASA. I have few questions needs to be answered asap.
    1st-
    Can we combine business partners and employee client connections on a single ASA in a secure manner?
    2nd-
    How the Anyconnect functions for selecting the nearest gateway (optimized gateway selection) to a user works? - I have below link which has a very good explanation but I am looking for the best response.
    (https://supportforums.cisco.com/docs/DOC-15326)
    3rd-
    Can you please highlight the important features which are not supported in other vendors SSL solutions?
    Thanks & Regards,
    Deepak A.

    Karsten,
    That helps me. I think I can try to use Cisco IOS router where I can implement Anyconnect at the same time I can have VRF features too. But there are some limitations with the Cisco IOS as below, I will decide the best product satisfying my needs.
    Q. Is AnyConnect supported on Cisco IOS® devices?
        A. Yes.
        As of Cisco IOS Software Release 12.4(15)T in browser-initiated mode only as per the Release 12.4T New Security Features Notes.
        As of Cisco IOS Software Release 12.4(20)T, standalone mode is also supported.
        For more information, refer to SSL VPN Remote User Guide.
        Notes:
            Support for DTLS is introduced from Cisco IOS version 15.1(2)T. Refer to the svc dtls command for more information.
            Client keepalives are not supported on Cisco IOS devices until the 12.4(20)T release.
            Updates to the hardware crypto that can cause disconnects have been resolved with 12.4(T2) for 87x platforms.
           Start Before Logon is currently not supported by Cisco IOS.
    Q. Is it possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router?
        A. No. It is not possible to connect the iPad, iPod, or iPhone AnyConnect VPN Client to a Cisco IOS router. AnyConnect on iPad/iPhone can connect only to an ASA that runs version 8.0(3).1 or later. Cisco IOS is not supported by the AnyConnect VPN Client for Apple iOS.

  • Deploying manually CC PKG file built with CC Packager. Not using any third party deployment tool. However after each 5 installations, the PKG files corrupt and cannot be use for a 6th installation. I have to build a new PKG file using CC packager.  Why ?

    Deploying manually CC PKG file built with CC Packager. Not using any third party deployment tool. However after each 5 installations, the PKG files corrupt and cannot be use for a 6th installation. I have to build a new PKG file using CC packager.  Why ?

    http://helpx.adobe.com/creative-cloud/packager.html
    http://forums.adobe.com/community/download_install_setup/creative_suite_enterprise_deploym ent

  • Download O365 installer files using Office Deployment Tool times out...

    Hi,
    We need to deploy O365ProPlus as part of an operating system image using MDT.  I was pointed to this page for instructions:
    https://technet.microsoft.com/en-us/library/dn314789.aspx
    We first needed to download the source files, so I first downloaded the Office Deployment Tool and used this to download the O365ProPlus image to my MDT server.
    I created the following config file (O365x64.xml):
    <Configuration>
      <Add SourcePath="X:\O365\" OfficeClientEdition="64">
       <Product ID="O365ProPlusRetail" >
         <Language ID="nb-no" />      
       </Product>
      </Add>
    </Configuration>
    And I invoke the command to run the Office Deployment Tool:
    .\setup.exe /download X:\O365.x64.xml
    Then the process creates a folder X:\O365\Office\Data with a couple of 16kb CAB files, but nothing happens apart from this.
    What am I doing wrong...?  I expect the Office folder to be alteast a gigabyte...
    Thanks for comments
    Tor

    Please first check your network or switch to a different network, then try again.
    Additionally, you might want to check if your network setting/firewall setting is blocking any Office 365 IP address/URL:
    https://technet.microsoft.com/en-us/library/hh373144.aspx
    Regards,
    Kapaal

  • Is it possible to use Apple Configurator to do a remote wipe of an iPad? Or must I use the profile manager tool within OS X Server?

    Is it possible to use Apple Configurator to do a remote wipe of an iPad? Or must I use the profile manager tool within OS X Server?

    no apple configurator connects via usb
    you'll need a MDM solution such as OSX server profile manager for remote wipe
    OTA pushing profies remote wipe etc
    you could use icloud for remote wipe

  • How to specify JDBC Oracle url using deployment tool - Entity Bean

    Hello I'am new to EJB.
    When creating a entity bean-managed persistence and you need to specify the jdbc url with user name
    and password to establish a connection object, how does one specify that in the deployment
    tool?
    Heres an example of what has in the J2EE tutorial has in AccountEJB to get an connection object
    private String dbName = "java:comp/env/jdbc/AccountDB";
    private void makeConnection() throws NamingException, SQLException {
    InitialContext ic = new InitialContext();
    DataSource ds = (DataSource) ic.lookup(dbName);
    con = ds.getConnection();
    Now if my oracle jdbc url is to be jdbc:oracle:thin:@Abe:1521:dev
    ie My host is Abe, port number 1521 and database name of dev and username/password will be system/manager.
    what would my dbName be at the top?
    Would my JNDI lookup of a DataSource resource "java:comp/env/jdbc/AccountDB" become "java:comp/env/jdbc/dev" for starters?
    In the Resource Factories Reference Code I've add a reference of
    Coded Name: jdbc/dev
    Type: javax.sql.DataSource
    Authentication: Container
    and down the bottom of the I've put JNDI Name: MyAccount
    according to the AccountClient code of:
    Context initial = new InitialContext();
    Object objref = initial.lookup("MyAccount");
    and put User Name of "system" and Password of "manager"
    I'am sure in the source code I have to put
    Class.forName("oracle.jdbc.driver.OracleDriver")
    else you would get that no sutitable driver error, maybe you don't have to if ejb server is smart enough?
    What I'am confuse about is where to specify the jdbc url of "jdbc:oracle:thin:@Abe:1521:dev" ??
    Know it won't work because of this vital part. Do you have to put that somewhere else in the deployment tool or properties file, or some other tool??
    Please help
    Thanks
    Abraham Khalil

    When running the client after successful deployment with jdbc, I'am getting
    javax.naming.CommunicationException: java.rmi.MarshalException: CORBA MARSHAL 1398079699 Maybe; nested exception is:
    org.omg.CORBA.MARSHAL: Unable to read value from underlying bridge : minor code: 1398079699 completed: Maybe
    org.omg.CORBA.MARSHAL: Unable to read value from underlying bridge : minor code: 1398079699 completed: Maybe
    at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.read_value(CDRInputStream_1_0.java:923)
    at com.sun.corba.ee.internal.iiop.CDRInputStream.read_value(CDRInputStream.java:281)
    at com.sun.corba.ee.internal.corba.TCUtility.unmarshalIn(TCUtility.java:274)
    at com.sun.corba.ee.internal.corba.AnyImpl.read_value(AnyImpl.java:554)
    at com.sun.corba.ee.internal.iiop.CDRInputStream_1_0.read_any(CDRInputStream_1_0.java:605)
    at com.sun.corba.ee.internal.iiop.CDRInputStream.read_any(CDRInputStream.java:252)
    at com.sun.corba.ee.internal.javax.rmi.CORBA.Util.readAny(Util.java:203)
    at javax.rmi.CORBA.Util.readAny(Unknown Source)
    at org.omg.stub.com.sun.enterprise.naming._SerialContextProvider_Stub.lookup(Unknown Source)
    at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:133)
    at javax.naming.InitialContext.lookup(Unknown Source)
    at AccountClient.main(AccountClient.java:21)
    at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:151)
    at javax.naming.InitialContext.lookup(Unknown Source)
    at AccountClient.main(AccountClient.java:21)
    One thing I don't like about EJB is that everything is transparent which is good! But its much
    harder to debug! :( Tried to see if I can figure it out. Hope someone has seen this problem before?

  • Problem in using J2EE server (deploy tool)

    Hi All
    I am in the starting phase of learning J2EE technology. I am facing some problem .
    1. When I start the deployment tool by command "deploytool" , the console appears but it does not have menu "server".
    2. I am not able to specify JNDI names as after selecting the application name, the Inspactor window does not have tabs "JNDI names"
    Please help me out to solve these issues.
    Thanks in advance
    anu

    After you create ?.ear.xml as previously mentioned, you can include it in your enterprise archive as follows:
    cd app\build
    mkdir META-INF
    copy ?.ear.xml META-INF\sun-j2ee-ri.xml
    jar -uf ?.ear META-INF\sun-j2ee-ri.xml
    Then you should be able to deploy your application and run your client successfully.
    You also might want to check out:
    http://groups.msn.com/J2EETools/createdescriptors14.msnw
    for the specific steps on how to create the ?.ear.xml that includes JNDI names.

  • VPN AnyConnect Pre-deployment Configuration

    Is it possible with the Anyconnect predeployment tool to uncheck the "Block connections to untrusted servers" in the MSI for AnyConnect secure mobility client version 3.1.05152 so that it gets pushed out to endusers this way?

    It's part of the AnyConnect global local policy xml file. You can opt to deploy that (and any connection profiles) along with the msi which installs the other application bits.
    You can create it on the ASA using ASDM and manually copy if off into your deployed package or use the standalone AnyConnect Profile Editor - VPN Local Policy component in this case. Unchecking the "Strict Certificate Trust" is the box that changes the client behavior the way you asked. that translates to a line in the file like this:
    <StrictCertificateTrust>false</StrictCertificateTrust>

Maybe you are looking for