My organization has a working AnyConnect VPN setup that utilizes LDAP for authentication, along with an LDAP attribute map for assigning specific IP pools to specific user groups. All current users utilize LDAP and CAC certificates to authenticate.
We would like to add another organization and allow them to piggyback off our existing VPN setup, but with a separate LDAP connection, but we want the user experience for our current customers to stay exactly the same. No new menus, no dropdowns. (And therefore, no "group-alias".) I have suggested that we just add the additional configuration, and add a "group-url" in the tunnel-group configuration for the new VPN customer.
My question: Will this group-url configuration in any way whatsoever impact the base users? Is it a case of, "if no group-url is used by an inbound customer, then the ASA will use the 'DefaultWebvpnGroup' tunnel-group configuration?" My supervisor is looking for a little assurance that we can deploy this solution without impact... I got a handle on the second LDAP connection and everything needed to actually get the VPN accessibility up and running, just concerned with potential impact to current users.