SSL VPN users (both AnyConnect/SVC client and Clientless) can choose which tunnel group (Connection Profile is the object name used in Adaptive Security Device Manager ASDM ) to access using these different methods:
group-alias (tunnel group drop-down list on login page)
certificate-maps, if using certificates
The following article describes how to use the group-alias and the group-url methods of selecting the connection profile.
Note: The connection profile (tunnel group) holds the initial VPN session parameters such as AAA server methods, login page customization, IP pools, etc. Each connection profile has an associated group-policy which controls most of the authorization permissions/entitlements for the VPN session (Banner, ACLs, portal customization, session timers, bookmarks, etc).
For detailed information on how the ASA 5000 VPN series performs VPN policy enforcement please refer to
Hello, I struggle to find the right team to answer questions on a renewal for CES. Our partner initially purchased CES that included SMA. When renewing the CES the SMA is not included and further is not a possible choice in CCW for CES.&nb...
Hello Team,We have , Dual SSID BYOD set up – “XYZ-OPEN” open SSID for onboarding, and “ABC-Employee-Register” for BYOD Registered devices- Internal ISE CA for SCEP / BYOD Client Certificates- Certs issued with MAC-in-SAN, and users advised to disable...
Team,We have been doing a PoC on the Cisco ISE as a NAC. Our use case was identifying if the laptop is a corporate owned laptop and if yes allow it the default full access VLAN. If not, give it guest VLAN with limited access. This has been achie...
Before I get into the question, I understand that the better method would be to use a firewall for what I am trying to accomplish however I need to work within the scope of what I have right now, so no new hardware etc. Also the powers that be have ...
Hello Community, We have Two ISE nodes configured as primary and secondary for every persona. And the two nodes (ISE01 and ISE02) join to same Active Directory Domain (Acme.com). This domain has two instance of Domain controller (dc1.acme.com and dc2...