Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2629
Views
5
Helpful
1
Replies

Doubt regarding default webvpn and default RA group

Alfredcfc
Level 1
Level 1

‎03-30-2020 02:39 PM

We have a config where we have not enabled specific tunnel- groups for the users to elect when they log in the anyconnect client.

 

 

This should  mean that when I log in the anyconnect app with my username and password I will be placed in the defaultRA group.

 

 

But here is the problem when I click on sh vpn-seesiondb anyconnect all I can see are people being a part of the defaultwebvpn tunnel-group.

The vpn protocol is ssl-cleint 

 

 

Either I am wrong in thinking that you will be a part of webvpn group only when you login from the browser or this webvpn group has some sort of precedence over the default ra group.

 

 

0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎03-30-2020 02:57 PM

SSL VPNs will use the defaultWEBVPNgroup.

 

Connection profiles and group policies simplify system management. To streamline the configuration task, the ASA provides a default LAN-to-LAN connection profile (DefaultL2Lgroup), a default remote access connection profile for IKEv2 VPN (DefaultRAgroup), a default connection profile for Clientless SSL and AnyConnect SSL connections (DefaultWEBVPNgroup), and a default group policy (DfltGrpPolicy).

 

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-groups.html

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card