10-25-2012 06:14 AM - edited 02-21-2020 06:26 PM
Hi all,
I have a problem with my clientless vpn portal.
I need to configure that when a user logs in through the portal, something that works just fine, that he ends up on the homepage.
Right now he ends up immediatly on the anyconnect button.
With the homepage I do mean the first button that says "Home".
Users must be able to click on the "Web Applications", below "Home".
Below "Web Applications" users must have their "Anyconnect" button aswell.
First of all I wasn't able to make the portal display the "Anyconnect" button in the menu.
Then after a while, I figured out that when de Dynamic Access Policy said "Unchanged" on the "Access Method" page.
When changing that parameter to "Anyconnect client" the portal is no portal anymore, I immediatly end up on the anyconnect client start.
When selecting "Web-Portal" I get the portal page, but the anyconnect menu is missing.
When selecting "Both-Default-Web-Portal" I get the anyconnect button, and all other menus, which is good.
But, I want the home button to be the default.
And not the anyconnect button, after logging in you immediatly get the start anyconnect page.
And then last but not least, when selecting "Both-Default-Anyconnect" you login to the webportal, anyconnect starts immediatly from the menu.
Something we want the end user to do manually (Click "Start Anyconnect") I mean!
I'm pretty sure the DAP is forcing that because of the options above.
But when selecting unchanged or anything that doesn't include Anyconnect, then the anyconnect button is gone...
I don't know what I can do to change that.
Am I missing something??
I would say DAP isn't needed, but when I set everything to default in the default DAP, then the anyconnect button is gone in the menu...
Kind regards,
Robin
Here's my configuration:
group-policy GP_company_intranet_portal attributes
wins-server value x.x.x.x
dns-server value x.x.x.x
vpn-tunnel-protocol ssl-client ssl-clientless
split-tunnel-policy tunnelall
default-domain value company.local
address-pools value IPP_SSLVPN01
webvpn
url-list value BML_company_intranet_portal
http-proxy disable
anyconnect keep-installer installed
anyconnect ask enable default webvpn
customization value CO_company_intranet_portal
http-comp gzip
hidden-shares none
activex-relay enable
file-entry disable
file-browsing disable
url-entry disable
smart-tunnel auto-signon disable
tunnel-group TG_company_portal_localauth type remote-access
tunnel-group TG_company_portal_localauth webvpn-attributes
customization CO_company_intranet_portal
group-url https://portal.company.be enable
username testaccount password xxxxxxxxxx encrypted privilege 0
username testaccount attributes
vpn-group-policy GP_company_intranet_portal
vpn-tunnel-protocol ssl-client ssl-clientless
password-storage disable
group-lock value TG_company_portal_localauth
service-type remote-access
Troubleshooting when logged in, just to verify if the right group-policy is being used:
FW-company# show vpn-sessiondb webvpn
Session Type: WebVPN
Username : testaccount Index : 510
Public IP : x.x.x.x
Protocol : Clientless
License : AnyConnect Premium
Encryption : 3DES Hashing : SHA1
Bytes Tx : 114897 Bytes Rx : 16087
Group Policy : GP_company_intranet_portal
Tunnel Group : TG_company_portal_localauth
Login Time : 14:50:56 GMT+2 Thu Oct 25 2012
Duration : 0h:00m:03s
Inactivity : 0h:00m:00s
NAC Result : Unknown
VLAN Mapping : N/A VLAN : none
Solved! Go to Solution.
10-25-2012 06:28 AM
Hi Robin,
You could try:
1- Please remove / disable the DAP rules and only keep the default one with default action and settings (continue). This in order to exclude DAPs as the root cause.
2- group-policy GP_company_intranet_portal attributes
webvpn
anyconnect ask none default webvpn
Let me know how it goes.
HTH.
Portu.
Please rate any helpful posts
10-25-2012 06:28 AM
Hi Robin,
You could try:
1- Please remove / disable the DAP rules and only keep the default one with default action and settings (continue). This in order to exclude DAPs as the root cause.
2- group-policy GP_company_intranet_portal attributes
webvpn
anyconnect ask none default webvpn
Let me know how it goes.
HTH.
Portu.
Please rate any helpful posts
10-25-2012 06:45 AM
Hi jportugu,
I can't believe it, i serieously though I already did that... And that removed my anyconnect button from the menu.
Which is why I started playing with the DAP function in the first place.
I tried your suggestion and that now works..
Thanks!
The only new problem now is that my bookmarks aren't showing up anymore now.
But that must be a different problem I guess.
Might be DAP related again?
Result: I activated under the default DAP: "Bookmarks" ==> "Enable bookmarks"
Now everything works as it is supposed to...
Really strange though... I thought I did that already...
Thanks jportugu!!
Kind regards,
Robin
10-25-2012 07:25 AM
Robin,
Great news
Thanks for counting on this great Support Community!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: