Does group-url command interfere with "base" reachability? - ASA AnyConnect VPN

Pogue
Level 1

My organization has a working AnyConnect VPN setup that utilizes LDAP for authentication, along with an LDAP attribute map for assigning specific IP pools to specific user groups. All current users utilize LDAP and CAC certificates to authenticate.

We would like to add another organization and allow them to piggyback off our existing VPN setup, but with a separate LDAP connection, but we want the user experience for our current customers to stay exactly the same. No new menus, no dropdowns. (And therefore, no "group-alias".) I have suggested that we just add the additional configuration, and add a "group-url" in the tunnel-group configuration for the new VPN customer.

My question: Will this group-url configuration in any way whatsoever impact the base users? Is it a case of, "if no group-url is used by an inbound customer, then the ASA will use the 'DefaultWebvpnGroup' tunnel-group configuration?" My supervisor is looking for a little assurance that we can deploy this solution without impact... I got a handle on the second LDAP connection and everything needed to actually get the VPN accessibility up and running, just concerned with potential impact to current users.

1 Reply

Marvin Rhoads
Hall of Fame

There would be no effect to the current users and their VPN experience if you follow the course of action you described.

If you need an "official" Cisco statement then you could open a TAC case and ask them to confirm for you.
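
A pre-deployment check for the change discussed in this thread, added here as an example and not code from either poster or from Cisco: it compares `show running-config tunnel-group` output captured before and after the change and reports whether any existing connection profile was modified or the new one gained a group-alias. The group name `PARTNER`, the server and pool names, the URL and the sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample configs (assumed names; not from the thread).
BEFORE = """\
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool BASE_POOL
 authentication-server-group BASE_LDAP
tunnel-group DefaultWEBVPNGroup webvpn-attributes
 authentication aaa certificate
"""
AFTER = BEFORE + """\
tunnel-group PARTNER type remote-access
tunnel-group PARTNER general-attributes
 authentication-server-group PARTNER_LDAP
tunnel-group PARTNER webvpn-attributes
 group-url https://vpn.example.com/partner enable
"""

def tunnel_groups(config):
    """Map tunnel-group name -> its header lines and indented sub-commands."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"tunnel-group (\S+) ", line)
        if m:
            current = m.group(1)
            groups.setdefault(current, []).append(line.strip())
        elif line.startswith(" ") and current:
            groups[current].append(line.strip())
        else:
            current = None  # left the tunnel-group section
    return groups

def review_change(before, after, new_group):
    """Return findings; an empty list means existing profiles are untouched."""
    old, new = tunnel_groups(before), tunnel_groups(after)
    findings = [f"existing tunnel-group {name} changed"
                for name, lines in old.items() if new.get(name) != lines]
    for name in sorted(new.keys() - old.keys() - {new_group}):
        findings.append(f"unexpected new tunnel-group {name}")
    added = new.get(new_group, [])
    if any(l.startswith("group-alias") for l in added):
        findings.append(f"{new_group} has a group-alias, which the plan rules out")
    if not any(l.startswith("group-url") for l in added):
        findings.append(f"{new_group} has no group-url")
    return findings

if __name__ == "__main__":
    print(review_change(BEFORE, AFTER, "PARTNER") or "existing tunnel-groups unchanged")
```

The check covers only the `tunnel-group` sections of the configuration; other parts of the running-config are outside its scope.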