Solved: ASA: webvpn: group-url command

mlopacinski · ‎11-28-2011

Hell

I am not sure how group-url command work. From command reference:

"Specifying a group URL or IP address eliminates the need for the user to select a group at login. When a user logs in, the adaptive security appliance looks for the user's incoming URL/address in the tunnel-group-policy table"

when i type:

ASA-1(config-tunnel-webvpn)# group-url https://100.60.10.100/ssl enable

what does ASA do ? Compare source_ip of the client with this IP and HTTP request to check if there is "ssl" in ULR and only if both matches with this configuration binds this user to this tunnel group ?

what if i type:

ASA-1(config-tunnel-webvpn)# group-url https://www.cisco.com/ssl enable

what does ASA check exactly for this command ?

Thanx

ajay chauhan · ‎11-28-2011

Group-url is another way to give users the right tunnel-group and group-policy. It is also configured under the webvpn params of the tunnel group. You should specify a url for each tunnel-group.

When the WebVPN requests comes to ASA through the WebVPN enabled interface and if the URL matches anyone of the configured group-url in the tunnel-group, then that tunnel group is used for the WebVPN.

It can be done both way either mention IP adress or FQDN.

Thanks

Ajay

View solution in original post

ajay chauhan · ‎11-28-2011

Group-url is another way to give users the right tunnel-group and group-policy. It is also configured under the webvpn params of the tunnel group. You should specify a url for each tunnel-group.

When the WebVPN requests comes to ASA through the WebVPN enabled interface and if the URL matches anyone of the configured group-url in the tunnel-group, then that tunnel group is used for the WebVPN.

It can be done both way either mention IP adress or FQDN.

Thanks

Ajay