SSL VPN users (both AnyConnect/SVC client and Clientless) can choose which tunnel group (Connection Profile is the object name used in Adaptive Security Device Manager ASDM ) to access using these different methods:
- group-alias (tunnel group drop-down list on login page)
- certificate-maps, if using certificates
The following article describes how to use the group-alias and the group-url methods of selecting the connection profile.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808bd83d.shtml
Note: The connection profile (tunnel group) holds the initial VPN session parameters such as AAA server methods, login page customization, IP pools, etc. Each connection profile has an associated group-policy which controls most of the authorization permissions/entitlements for the VPN session (Banner, ACLs, portal customization, session timers, bookmarks, etc).
For detailed information on how the ASA 5000 VPN series performs VPN policy enforcement please refer to
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ref_extserver.html#wp1773735 .