
How to determine which Group Policy & ACL anyconnect VPN is using?

Hello.

To configure an anyconnect split-tunnel within a very large ASA config, how do I determine which Group Policy and ACL are associated with the anyconnect VPN?

Within the below snippet, if this was associated with anyconnect, wouldn't this say "ssl", and not "l2tp-ipsec"?

config snippet below...

-----

group-policy GROUP_POLICY_A internal
group-policy GROUP_POLICY_A attributes
 dns-server value 10.0.0.1 10.0.0.2
 dhcp-network-scope 10.0.20.0
 vpn-simultaneous-logins 10
 vpn-idle-timeout 45
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL-1
 default-domain value MYCOMPANY.com
 webvpn
  anyconnect mtu 1500

-----

Thank you!

1 Accepted Solution

This command solved this question:  show vpn-sessiondb anyconnect

Thank you sir!


show vpn-sessiondb

This gives you details about the group the user joins.
The VPN tunnel in this case must be ssl.

In the below snippet of GROUP_POLICY_A, if this is not the anyconnect group policy, why does the "webvpn" line exist?

group-policy GROUP_POLICY_A internal
group-policy GROUP_POLICY_A attributes
 dns-server value 10.0.0.1 10.0.0.2
 dhcp-network-scope 10.0.20.0
 vpn-simultaneous-logins 10
 vpn-idle-timeout 45
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL-1
 default-domain value MYCOMPANY.com
 webvpn
  anyconnect mtu 1500

If this group policy is used for a tunnel-group that covers both SSL and l2tp-ipsec, then you can configure vpn-tunnel-protocol l2tp-ipsec + ssl; if this group-policy is only for a tunnel-group of l2tp/ipsec, then the tunnel protocol must be only l2tp-ipsec.

The webvpn you mention is not configured under group-policy.
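For a config too large to read by eye, the tunnel-group to group-policy to split-tunnel ACL chain discussed in this thread can be pulled out of a saved running-config offline. This is an added example, not code from any poster; GROUP_POLICY_B, SPLIT_TUNNEL-2 and both tunnel-group names are hypothetical, and it only checks for the `ssl-client` protocol keyword that current ASA releases use for AnyConnect over SSL.

```python
import re

# Constructed sample: GROUP_POLICY_A comes from the thread, the rest is hypothetical.
SAMPLE_CONFIG = """\
group-policy GROUP_POLICY_A internal
group-policy GROUP_POLICY_A attributes
 vpn-tunnel-protocol l2tp-ipsec
 split-tunnel-network-list value SPLIT_TUNNEL-1
group-policy GROUP_POLICY_B internal
group-policy GROUP_POLICY_B attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-network-list value SPLIT_TUNNEL-2
tunnel-group TG_L2TP general-attributes
 default-group-policy GROUP_POLICY_A
tunnel-group TG_ANYCONNECT general-attributes
 default-group-policy GROUP_POLICY_B
"""

def parse_asa(config):
    """Return (policies, tunnel_groups); works even if indentation was lost."""
    policies, tunnel_groups, section = {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"group-policy (\S+) attributes$", line):
            section = policies.setdefault(m[1], {"protocols": [], "acl": None})
        elif m := re.match(r"tunnel-group (\S+) general-attributes$", line):
            section = tunnel_groups.setdefault(m[1], {"policy": None})
        elif re.match(r"(group-policy|tunnel-group) ", line):
            section = None  # some other section header we do not track
        elif section is None:
            continue
        elif m := re.match(r"vpn-tunnel-protocol (.+)$", line):
            section["protocols"] = m[1].split()
        elif m := re.match(r"split-tunnel-network-list value (\S+)$", line):
            section["acl"] = m[1]
        elif m := re.match(r"default-group-policy (\S+)$", line):
            section["policy"] = m[1]
    return policies, tunnel_groups

def anyconnect_candidates(config):
    """(tunnel-group, group-policy, split-tunnel ACL) where ssl-client is allowed."""
    policies, tunnel_groups = parse_asa(config)
    empty = {"protocols": [], "acl": None}
    return [(tg, a["policy"], policies.get(a["policy"], empty)["acl"])
            for tg, a in tunnel_groups.items()
            if "ssl-client" in policies.get(a["policy"], empty)["protocols"]]
```

A group policy can also be assigned per user or by the AAA server, and a policy with no `vpn-tunnel-protocol` line inherits it from the default group policy, so the static config only gives candidates. `show vpn-sessiondb anyconnect` against a live session remains the authoritative check.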
