AnyConnect with IPSec

Started by routerdork, December 30, 2015, 08:48:45 AM

Previous topic - Next topic

routerdork

Has anyone come across a good way to distribute AnyConnect Profiles out to clients of non-company owned devices? I'm thinking this may be something BYOD guys have run into already.

Very few people have laptops here. For instances when remote work is needed the company allows anyone to VPN in from a home PC/MAC/etc. and then RDP to their workstation. Since I won't have SSL on I can't wait for everyone to connect and download the profile that would switch them to IPSec. I have come up with the standard make it available on a share, portal, etc. options. My concern is how can I provide this file to someone that needs it in an emergency for customer support? Has anyone found a way to package it and/or make it available from the services page? Would be nice if we could repackage the AnyConnect installer to force IPSec.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

deanwebb

There may be a way to do it with an MDM system, but I'm not sure. If the person has internet access, there's Go2MyPC or stuff like that where you can execute a remote installation.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

icecream-guy

Zip it up, copy to a 5 1/4" floppy disk, and snail mail it to them.
:professorcat:

My Moral Fibers have been cut.

deanwebb

Quote from: ristau5741 on December 30, 2015, 10:54:52 AM
Zip it up, copy to a 5 1/4" floppy disk, and snail mail it to them.
Yes, but you'll also have to FedEx a USB floppy drive. I prefer the models with 3.5 and 5.25 disk slots, as well as an Iomega Zipdisk bay.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Вопросы есть? Вопросов нет! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

wintermute000

why can't you just use SSL again??? (licensing?)

The old IPSEC client still works AFAIK and there is a 64 bit version that works fine in Win7 64

routerdork

Quote from: wintermute000 on December 30, 2015, 03:05:52 PM
why can't you just use SSL again??? (licensing?)

The old IPSEC client still works AFAIK and there is a 64 bit version that works fine in Win7 64
They've SSL right now but they are using a third-party client. The new one that I've setup is IKEv2/IPSec.
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln