AnyConnect Group URL not working

jturner2720
Level 1

I'm starting to look at providing different policies from our Remote Access VPN to users. Using ASA 5555-X running 9.14(2)15.

Setting a connection alias works fine, I get a dropdown list in the AnyConnect client and the different tunnel policies work when logged in.

But I also wanted to look at the URL aliases. I've set one on each of the profiles that have aliases. But if I try going to it in the browser it returns a page saying "Wrong URL." Trying from the AnyConnect client I get "Connection attempt has failed."

Any pointers for what to look at?

6 Replies

Hi,

If you want to use URL Alias, I would assume that your clients will connect
to the same ASA using different URLs. If that is correct, here is a doc. Make
sure that you follow the steps.

https://community.cisco.com/t5/security-documents/anyconnect-group-urls-hide-connections-profiles-from-the-vpn/ta-p/3161045

Be careful to use the group-name after the URL when connecting to the VPN to
match the alias automatically (for example test-domain/employees). To
completely automate this, you can embed the URLs in the AnyConnect client
profile and replicate to the users depending on the groups they belong to.

***** please remember to rate useful posts

Yes, tunnel-group-list enable is in the config of both boxes.

URL http: Name IP address/group name
or 
URL http: ASA Name/group name

So please can you make the URL contain the IP address of the outside ASA, and hence remove the case where DNS gives an error or cannot resolve the name.

Connection attempt failed, I think, because the local username for this group BUT this group needs URL.

I've checked and there aren't backslashes at the end of the URLs, so I don't believe that bug applies.

I tried changing the URL to an IP address in the config. That doesn't seem to help, visiting in a web browser still gives Wrong URL. Trying to use it in AnyConnect gives a certificate error as the cert doesn't contain the IP address so no longer matches.
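
The points raised in this thread can be checked mechanically against a saved configuration. The following is an added example, not code from any poster or from Cisco: a Python check that lists each tunnel-group's `group-url` line and flags an entry that is not enabled, ends in a slash or backslash, or uses an IP address as the host. The tunnel-group names, hostnames and addresses in the sample are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed running-config excerpt (names, hosts and addresses are made up).
SAMPLE_CONFIG = """\
tunnel-group EMPLOYEES webvpn-attributes
 group-alias employees enable
 group-url https://vpn.example.com/employees enable
tunnel-group CONTRACTORS webvpn-attributes
 group-url https://192.0.2.10/contractors enable
tunnel-group ADMINS webvpn-attributes
 group-url https://vpn.example.com/admins/ disable
"""

GROUP_RE = re.compile(r"^tunnel-group (\S+) webvpn-attributes$")
URL_RE = re.compile(r"^\s+group-url (\S+)(?: (enable|disable))?$")

def audit_group_urls(config):
    """Return (tunnel_group, url, findings) for every group-url line."""
    results, current = [], None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line and not line.startswith(" "):
            current = None  # left the tunnel-group sub-mode
            continue
        m = URL_RE.match(line)
        if not (m and current):
            continue
        url, state = m.group(1), m.group(2)
        findings = []
        if state != "enable":
            findings.append("not enabled")
        if url.endswith(("/", "\\")):
            findings.append("trailing slash or backslash")
        try:
            # An IP host only validates if the certificate lists that address.
            ipaddress.ip_address(urlsplit(url).hostname or "")
            findings.append("IP-address host (certificate must contain it)")
        except ValueError:
            pass  # host is a DNS name
        results.append((current, url, findings))
    return results

if __name__ == "__main__":
    for group, url, findings in audit_group_urls(SAMPLE_CONFIG):
        print(f"{group:12} {url:42} {', '.join(findings) or 'ok'}")
```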