cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

2772
Views
0
Helpful
4
Replies
Highlighted

Cisco ASA anyconnect connection profile alias

Hello, just implemented anyconnect with different connection profiles. It works but I'd like users couldn't have the possibility to choose connection profiles, don't want customers for example can see manager connection profiles (even though they can't auth with that profile). Is it possible ? do I have to, in some way I don't know, provide different anyconnect client profiles for different users ? maybe it is just my security fixation.

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Just don't create connection

Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.

You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).

View solution in original post

4 REPLIES 4
Highlighted
Hall of Fame Guru

Just don't create connection

Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.

You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).

View solution in original post

Highlighted

Thanks,I also disabled

Thanks Marvin! now it works targeting on anyconnect client to vpn.mydomain.com/customers for example. I also disabled aliases on clientless vpn profiles (and disabled tunnel-group-list), other then anyconnect profiles, because they were also shown on anyconnect client logon list.

However trying to connect with anyconnet to vpn.mydomain.com I have no chance to choose connection profiles but it asked me the same user and password .. maybe it is because of defaultRAgroup? defaultRAgroup is configured as local authentication, which I don't really like, even though it is ssl and ipsec disabled anyway.

 

Highlighted
Hall of Fame Guru

You can modify your

You can modify your authentication method per connection profile. Default is to use the Local AAA method but your can specify any valid method.

Please rate useful answers and/or mark the question as answered when it has been.

Highlighted
Beginner

Re: Just don't create connection

Is there a way of ordering the alias'  At the moment its alphabetical and the profile now being selected by default is the new alias as its starts with an "A" (I know, I could rename it.. but I have config OCD!)