cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
309
Views
0
Helpful
1
Replies

Anyconnect client profile server list

Arun2022
Beginner
Beginner

Hi Experts,

We've setup anyconnect with Machine certificate only authentication. We've got a few profiles on the ASA.

The users hit the correct connection profile only when the option to select the connection profile is enabled.

If I disable that option and update my anyconnect client profile server list with the fqdn and associated group-alias it doesn't hit the correct connection profile, instead it goes to the default connection profile where it prompts a username/password.

Not sure what I am missing, ASA 9.18 anyconnect 4.10

1 Reply 1

tvotna
Beginner
Beginner

The

tunnel-group ... webvpn-attributes
group-alias ... enable

implies that

webvpn
 tunnel-group-list enable

is also configured. If you don't want to let your users choose connection profile (no tunnel-group-list enable), use group-url binding method instead:

<ClientInitialization>
<AllowManualHostInput>false</AllowManualHostInput>
</ClientInitialization>

<ServerList>
<HostEntry>
<HostName>TEST (BYOD)</HostName>
<HostAddress>my.vpnserver.com</HostAddress>
</HostEntry>
</ServerList>
tunnel-group ... webvpn-attributes
group-url https://my.vpnserver.com enable

I hope I didn't misread your question.

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers