Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1448
Views
0
Helpful
4
Replies

AnyConnect Connection Profiles Question

Go to solution
hurricane05
Level 1
Level 1

‎01-04-2021 02:36 AM

I want to setup a separate AnyConnect Connection Profile (using ASDM) so that I can test some settings out. Currently our main Connection Profile used by all employees has a Group Alias specified (the other default profiles have no aliases) and as I understand it will only be available from the drop down list to employees due to that group alias setup. What is the best way via ASDM to configure this so that I can test with a separate Connection Profile (I still need to use the same url that the users typically connect).

 

Thx in advance for any assistance given.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎01-04-2021 02:52 AM

Hi @hurricane05 

Have a look at the link below, it has instructions on how to configure group-url. In short you can use the same domain name. For example - You existing connections would use vpn.company.com but your testing connection profile would use vpn.company.com/test

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html


HTH

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rob Ingram
VIP
VIP

‎01-04-2021 02:52 AM

Hi @hurricane05 

Have a look at the link below, it has instructions on how to configure group-url. In short you can use the same domain name. For example - You existing connections would use vpn.company.com but your testing connection profile would use vpn.company.com/test

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html


HTH

0 Helpful

Go to solution
hurricane05
Level 1
Level 1
In response to Rob Ingram

‎01-04-2021 03:08 AM

Hi Rob,
Thx for the quick response. I'm new to working with AnyConnect but wanted to make sure I understand what you are saying with the setup. Let's say I have in ASDM a Connection Profile called Corporate that has an alias configured called Employees (looking at the Aliases column). So for all our standard employees, when they run the AnyConnect client, they would connect to corporate.company.com and their group drop down will only have Employees listed they select from.

 

So if I understand correctly, I do not change anything within the current Connection Profile called Corporate. But instead, create a new Connection Profile called Test and do not specify an alias (leave blank). Then go in and modify the Connection Profile and under Group URLs, enter a custom url like corporate.company.com/test. Then open my AnyConnect client up and enter the new url corporate.company.com/test?

 

Thx in advance.

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎01-04-2021 03:56 AM

Yes, if you configure a group-url you can then correct directly to that connection profile. As long as you don't define an alias then that connection profile will not appear on the drop down list for the other users to connect to.

0 Helpful

Go to solution
hurricane05
Level 1
Level 1

‎01-04-2021 09:01 AM

I was able to get this configured but not able to authenticate with the test group url (even though everything is configured identical to the corporate settings with the exception of a different group policy with same settings) so I'm troubleshooting that piece of it to see what may be going on.

0 Helpful
Customers Also Viewed These Support Documents