Solved: Re: Automatically selecting Connection Profile

jackfait1 · ‎02-17-2022

Currently, one of our VPN clusters uses Certificate for the Authentication Method. The setting to allow users to select connection profile/Group is disabled, so that a User automatically connects using the Anyconnect Client.

Another one of our VPN clusters uses SAML for the Authentication method and a User has the option to select different connection profiles/Group using AnyConnect.

Question:

Instead of using two separate ASA clusters we would like to combine this to one. Is there a way using different Group Policies and Client Profiles that the behavior still operates the same. With Cert they are automatically logged in with that connection profile and with SAML they still have the option to select?

We are currently using ASAs 5545-X but want to implement this when we upgrade our ASAs this year.

Thanks

jackfait1 · ‎02-17-2022

This is exactly what I needed thanks! I already set it up and test it

View solution in original post

Rob Ingram · ‎02-17-2022

@jackfait1 you should create 2 connection profiles/tunnel-groups, one will use certificate authentication the other SAML. You can use either a group-alias or group-url to select which to connect to.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98580-enable-group-dropdown.html

Push the XML profile to the client computers, to automatically login using certificates.

jackfait1 · ‎02-17-2022

This is exactly what I needed thanks! I already set it up and test it