cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

307
Views
5
Helpful
1
Replies
Highlighted
Beginner

Doubt regarding default webvpn and default RA group

We have a config where we have not enabled specific tunnel- groups for the users to elect when they log in the anyconnect client.

 

 

This should  mean that when I log in the anyconnect app with my username and password I will be placed in the defaultRA group.

 

 

But here is the problem when I click on sh vpn-seesiondb anyconnect all I can see are people being a part of the defaultwebvpn tunnel-group.

The vpn protocol is ssl-cleint 

 

 

Either I am wrong in thinking that you will be a part of webvpn group only when you login from the browser or this webvpn group has some sort of precedence over the default ra group.

 

 

1 REPLY 1
Highlighted
VIP Advisor

SSL VPNs will use the defaultWEBVPNgroup.

 

Connection profiles and group policies simplify system management. To streamline the configuration task, the ASA provides a default LAN-to-LAN connection profile (DefaultL2Lgroup), a default remote access connection profile for IKEv2 VPN (DefaultRAgroup), a default connection profile for Clientless SSL and AnyConnect SSL connections (DefaultWEBVPNgroup), and a default group policy (DfltGrpPolicy).

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-groups.html

--
Please remember to select a correct answer and rate helpful posts
Content for Community-Ad