The OrgInfo.json file contains specific information about your Cisco Umbrella service subscription that lets the Security Roaming module know where to report and which policies to enforce. You can deploy the OrgInfo.json file and enable the Umbrella Roaming Security module from the ASA or ISE using CLI or GUI. The steps below describe how to enable from the ASA first and then how to enable from ISE.
Use this deployment type while deploying directly without a Cisco VPN profile.
- Download a copy of the configuration profile from the Umbrella Dashboard (see Quick Start Guide).
- Depending on your system, store the file in the following locations:
If running AnyConnect:
- Windows: %ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Umbrella
- Mac: /opt/cisco/anyconnect/Umbrella/
If running Cisco Secure Client:
- Windows: %ProgramData%\Cisco\Cisco Secure Client\Umbrella
- Mac: /opt/cisco/secureclient/Umbrella/
If deploying after installing AnyConnect, the folder structure will already be in place. If deploying the OrgInfo.json before installing AnyConnect, you will need to create the folder before placing the file.
The client activates the Umbrella module once installed and OrgInfo.json is present in the Umbrella directory.
- Upload the OrgInfo.json that you obtained from the Umbrella dashboard to the ASA file system.
- Issue the following commands, adjusting the group-policy name as appropriate for your configuration.
Note: The file name on the ASA is case sensitive. If the file you have uploaded is named "OrgInfo.json", it must be specified with a capital O and capital I.
Just looking for the defaults? Use the value of "DfltGrpPolicy" below for <Group_Policy_Name>.
webvpn anyconnect profiles orginfo disk0:/OrgInfo.json group-policy <Group_Policy_Name> attribute webvpn anyconnect profiles value orginfo type umbrella group-policy <Group_Policy_Name> attributes webvpn anyconnect modules value umbrella
Note: ASDM 7.6.2 is required to configure the Roaming Security module through the GUI.
- Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile.
- Choose Add.
- Give the profile a name.
- Choose the Umbrella Security Roaming Client type from the Profile Usage drop-down list. The OrgInfo.json file populates in the Profile Location field.
- Click Upload and browse to the location of the OrgInfo.json file that you downloaded from the dashboard.
- Associate it with the DfltGrpPolicy at the Group Policy drop-down list or the policy of your choice. Refer to Enable Additional AnyConnect Modules to specify the new module name in the group-policy.
- Follow the steps in Umbrella OrgInfo.json provisioning and AnyConnect via ISE.
Updated 2 days ago