VPN Head End Pushed Installation
Cisco VPN Head End Deployment
Cisco Secure Client may also be deployed from a Cisco Secure VPN head end such as an ASA. Head end deployment is not available on Meraki MX devices for Umbrella profiles.
Deploy the module
To add the Umbrella module to your VPN profile, add “Umbrella” from ASDM or with the following CLI command:
webvpn
anyconnect modules value umbrella
Deploy the Umbrella profile
After configuring the module installation, the profile must be deployed as well. Please refer to your deployment vector of choice:
ASA CLI
- Upload the OrgInfo.json obtained from the Umbrella dashboard to the ASA file system.
- Run the following commands, adjusting the group-policy name as appropriate for your configuration.
Note: The file name on the ASA is case-sensitive. If you upload a file named OrgInfo.json, you must maintain the case of the filename.
In the following example, you can configure the default group policy by setting <Group_Policy_Name> to
DfltGrpPolicy.
webvpn
anyconnect profiles orginfo disk0:/OrgInfo.json
group-policy <Group_Policy_Name> attribute
webvpn
anyconnect profiles value orginfo type umbrella
group-policy <Group_Policy_Name> attributes
webvpn
anyconnect modules value umbrella
ASDM GUI
Note that ASDM 7.6.2 is required to configure the Roaming Security module through the GUI.
- Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile.
- Choose Add.
- Give the profile a name.
- Choose the Umbrella Security Roaming Client type from the Profile Usage drop-down list. The OrgInfo.json file populates in the Profile Location field.
- Click Upload and browse to the location of the OrgInfo.json file that you downloaded from the dashboard.
- Associate it with the DfltGrpPolicy at the Group Policy drop-down list or the policy of your choice. For information about how to specify the new module name in the group-policy,
see Enable Additional AnyConnect Modules.
ISE
- Upload the OrgInfo.json from the Umbrella dashboard.
- Rename the file OrgInfo.xml.
- Follow the steps in Configure ISE to Deploy AnyConnect.
Meraki Systems Manager (SM) Deployment < VPN Head End Pushed Installation > Enable the Umbrella SWG Agent
Updated 11 months ago