Add Connection Profiles to Cisco AnyConnect Secure Mobility Client

I enjoy the new VPN client, it’s small and fast, however I hated that you can’t save profiles in the drop down list like you could in the traditional VPN client.

VPNNoProfile

This has been bothering for a long time and kept finding conflicting information on if this was possible or not. Finally got it to work.

VPNProfiles

This is for version 3.1x and Windows 7 let me know if this works for your version and OS.

  • Create a preferences.xml file in C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\
  • Use this format

<?xml version="1.0" encoding="UTF-8"?>

<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
<ServerList>
     <HostEntry>
          <User>dclouduser</User>
          <SecondUser></SecondUser>
          <ClientCertificateThumbprint></ClientCertificateThumbprint>
          <ServerCertificateThumbprint></ServerCertificateThumbprint>
          <HostName>dCloud</HostName>
          <HostAddress>dcloud-rtp-anyconnect.cisco.com</HostAddress>
          <Domain></Domain>
          <Group>ssl_url</Group>
          <ProxyHost></ProxyHost>
          <ProxyPort></ProxyPort>
          <SDITokenType>none</SDITokenType>
          <ControllablePreferences>
          <LocalLanAccess>true</LocalLanAccess></ControllablePreferences>
     </HostEntry>

     <HostEntry>
          <User>dmacias</User>
          <SecondUser></SecondUser>
          <ClientCertificateThumbprint></ClientCertificateThumbprint>
          <ServerCertificateThumbprint></ServerCertificateThumbprint>
          <HostName>Speech-Soft</HostName>
          <HostAddress>vpn.dmacias.com</HostAddress>
          <Domain></Domain>
          <Group>ssl_url</Group>
          <ProxyHost></ProxyHost>
          <ProxyPort></ProxyPort>
          <SDITokenType>none</SDITokenType>
          <ControllablePreferences>
          <LocalLanAccess>true</LocalLanAccess></ControllablePreferences>
     </HostEntry>
</ServerList>

</AnyConnectProfile>

  • Save the file.
  • Restart the connectivity client.
  • Enjoy

~david

EDIT 01/18/2017: This also works with Cisco AnyConnect 4.x!

51 Comments

  1. Thank you! This had been driving me crazy – I needed to replace my exisiting servers with a new one. I had been typing in the address manually every time. These instructions fixed my issue.

  2. add profile.xml same path also works, however, no idea why username can not be remembered。。。

  3. Thank you..
    It has been driving me crazy for a long time to replace with a new connection.

    Appreciate!

  4. I also noticed that there was persistent entry in anyconnect after using your workaround. The persistent entry was found one directory up in the global preferences xml. Thank you for this how-to!

  5. It also working for me to load HostName and HostAddress, but not the user. It keeps getting the username from the tag in C:\Users\(user)\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml
    Any idea why it works like that?
    Thanks!

  6. So did anyone get the username to be retrieved based on drop down? That seems to be cached and cannot get to work. Any help appreciated.

  7. The original posted answer showed:

    dclouduser
    ssl_url

    I do get a drop down using:
    dCloud
    dcloud-rtp-anyconnect.cisco.com

    I was hoping user and group would also come up when selecting hostname from the drop down.

    That looks like what everyone was asking about.

    Is there no way to get username and group from an xml?

  8. So, did CISCO provide a way for use to have user and group or any other user attributes associated with a hostname?

  9. Thanks a lot for the help! I was trying to find solution couple days already, and yours work!!! How did you find it yourself man? I do not see it in Cisco official f@king docs )

  10. I suspect I ran across it on the support forums, honestly it’s been forever. Certainly something Cisco should look into implementing as this seems to be my most popular post. Glad it helped you out.

  11. Thanks for posting! Works with version 3.1.x and Windows 10. Like others, this has saved a lot of frustration in what seems like a simple thing of remembering connection info.

  12. This does not work for me with version 4.2.01022 on Windows 7 Pro SP1.

    The last session does not work for me by default. I also do not even have a profile directory. I created one and added the xml file, but that did not work unfortunately.

  13. Sorry, please delete my previous comments.

    Hi, I’m using mac,
    with Cisco AnyConnect 4.3.03086

    To add new profile,
    I just create new xml file under directory
    /opt/cisco/anyconnect/profile/

    I name it myprofile.xml

    Then inside my xml file, you may type your connection name and ip address, inside this xml tag.

    You may look on my codepen.
    Looks like this blog comment doesn’t allow html/xml tag script

    http://codepen.io/tomfreakz/pen/WRwOBE

    It works on my mac.
    What about you? :)

  14. @tomfreakz: Hey, just tried your solution for Mac but unfortunetaly this doesnt work for me. It simply does not appear in the VPN drop down menu. Any clue?

  15. Thanks dmacias & tomfreakz, this site was extremely helpful.

    I’ve confirmed tomfreakz’s solution works for Mac OS (Sierra) with Cisco AnyConnect client v4.2

  16. Thank dmacias

    I’m using it with AnyConnect 3.1 on a Windows 10 1703 Client and it works great for me

    Philip

  17. Hey sorry for the newbie question, I’m not a coder. Can you highlight the areas where I plug the two URLs for the two profiles? This seems simple enough if I know what to replace, but the one URL at the beginning is throwing me off. What goes there? (http://Schemas…) Thank you.

  18. Cassandra,

    Look at the following two lines inside of the XML block:


    <HostName>Speech-Soft</HostName>
    <HostAddress>vpn.dmacias.com</HostAddress>

    Let me know if this doens’t help.

  19. I have 2 URLs working, but each has a different group and username. Is there a way to get those to come up when I select that URL.

  20. Dmacias – great solution on Win 7. thanks so much. Let us know when you figure out how to bring in the username!

  21. The username may need to use %username% in order to bring the current username in use in Windows (or it may need to be added manually between the tags

  22. I’ve tried both USER and USERNAME tags, neither worked. The AnyConnectProfile.xsd does not show a tag to specify a user. :(

  23. I just want to thank you guys for the threads which helped me with anyconnect. A especial thanks to tomfreakz for sharing how to write a concise anyconnect xml profile.

    Thank you.

Leave a Reply