09-05-2014 01:27 PM - edited 03-11-2019 09:42 PM
Hello, just implemented anyconnect with different connection profiles. It works but I'd like users couldn't have the possibility to choose connection profiles, don't want customers for example can see manager connection profiles (even though they can't auth with that profile). Is it possible ? do I have to, in some way I don't know, provide different anyconnect client profiles for different users ? maybe it is just my security fixation.
Thanks
Solved! Go to Solution.
09-05-2014 08:13 PM
Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.
You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).
09-05-2014 08:13 PM
Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.
You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).
09-07-2014 02:26 AM
Thanks Marvin! now it works targeting on anyconnect client to vpn.mydomain.com/customers for example. I also disabled aliases on clientless vpn profiles (and disabled tunnel-group-list), other then anyconnect profiles, because they were also shown on anyconnect client logon list.
However trying to connect with anyconnet to vpn.mydomain.com I have no chance to choose connection profiles but it asked me the same user and password .. maybe it is because of defaultRAgroup? defaultRAgroup is configured as local authentication, which I don't really like, even though it is ssl and ipsec disabled anyway.
09-07-2014 05:59 AM
You can modify your authentication method per connection profile. Default is to use the Local AAA method but your can specify any valid method.
Please rate useful answers and/or mark the question as answered when it has been.
11-11-2017 12:07 AM
Is there a way of ordering the alias' At the moment its alphabetical and the profile now being selected by default is the new alias as its starts with an "A" (I know, I could rename it.. but I have config OCD!)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide