IKEV2 Multiple connection profiles for Same Host address

mahesh18
Level 6

 

Hi Everyone,

I configured two connection profiles on the ASA for the same host address, say xyz.com.

I am using Windows 7 and the XML file is located under

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Now under the Profile folder I have two XML files, say xml 1 and xml 2.

When I connect, I choose, say, the host address and connect; it always connects using the xml1 file to connection profile 1.

The only way for me to connect to connection profile 2 using xml2 is to delete the xml 1 file from the profile folder.

I need to know: is it possible to connect to any of the connection profiles without deleting the other from the profile folder?

Regards

Mahesh

 

 

14 Replies

Marvin Rhoads
Hall of Fame

Yes you can have two (or more) distinct connection profiles (each with associated xml profile) for a given ASA. As long as they have unique names they will both download to the end user's profile directory.

Unless you do some sort of user locking though, a person selecting one would be able to choose the other profile from the drop down list on the SSL VPN portal or AnyConnect client.

 

Hi Marvin,

I have 2 connection profiles and both have unique names.

When I connect using the host address I always connect to, say, connection profile 1.

I have no locking enabled.

Also, the XML file of the second connection profile does not get downloaded to the profile folder.

Regards

Mahesh

You will only download the profile when you connect to it.

If you type the host address into AnyConnect are you then presented with the option to choose between profiles via the AnyConnect Group dropdown menu? If so, choose the group associated with the second profile and it should then download onto the client computer.

 

Hi Marvin,

 

When I connect I get the window "Ready to connect"; below it is the host address, which is the same for both connection profiles. After that I get a window to put in the password; there is no option there to choose the group.

I am using AnyConnect IKEv2 only.

Regards

Mahesh

Mahesh,

You need to have "tunnel-group-list enable" in your webvpn section. Then under each connection profile you need something like:

     tunnel-group group1 webvpn-attributes
      group-alias group1 enable

     tunnel-group group2 webvpn-attributes
      group-alias group2 enable

...that should give you a list to choose from.

 

Hi Marvin,

I checked that I have the same config as you said in your last post.

I am using IKEv2; I am notifying you late on this. Is it designed to work for IKEv2?

Regards

Mahesh

Mahesh,

I recall in one of your threads about setting up IKEv2 you were attempting to make it work with completely forgoing client services over SSL and instead manually deploying profiles. If that's the setup you have for this VPN in question then of course the profiles won't automatically download - that's what you give up when disabling client services.

The group alias feature is still there with or without client services - even on IKEv2. I've set it up in a couple of customers' IPsec IKEv2 remote access VPNs.

 

Hi Marvin,

Under my current setup I have client services enabled, so any update done on the connection profile is downloaded automatically.

Yes, you are right, it will now download the complete XML file for the connection profile.

Group alias works for a single connection profile only.

I tried under group alias on, say, connection profile 1 to add the name of connection profile 2; it says it is already in use.

So my issue is: even though I manually copy the second XML profile to the profile folder on the PC, I do not get the option to choose between the 2 connection profiles?

Regards

Mahesh

 

Mahesh,

Each tunnel-group webvpn-attributes section (also known as connection profile) needs a unique group alias.

Your webvpn section should also specify both xml profiles.

I have this working on ASAs with code from 8.2 up through 9.3. Either SSL VPN or IPsec IKEv2.

 

Hi Marvin,

Here is the config for the connection profiles:

     webvpn
      anyconnect-essentials
      anyconnect image disk0:/anyconnect-win-3.1.05160-k9.pkg 2
      anyconnect profiles 123_client_profile disk0:/123_client_profile.xml

     tunnel-group 123 webvpn-attributes
      group-alias 123 enable

My webvpn specifies both XML profiles.

Any other thing I can look for?

 

Regards

Mahesh

Mahesh,

It should look something like:

     webvpn
      anyconnect-essentials
      anyconnect image disk0:/anyconnect-win-3.1.05160-k9.pkg 2
      anyconnect profiles 123_client_profile disk0:/123_client_profile.xml
      anyconnect profiles 456_client_profile disk0:/456_client_profile.xml

     tunnel-group 123 webvpn-attributes
      group-alias 123 enable

     tunnel-group 456 webvpn-attributes
      group-alias 456 enable

 

Hi Marvin,

I have the exact config as you said.

Maybe I need to do a reboot during a maintenance window to make it work?

Regards

Mahesh

Mahesh,

It should not require a reload.

Did you verify you have "tunnel-group-list enable" under the webvpn section?

 

Hi Marvin,

I checked under webvpn; I have:

     anyconnect enable
     tunnel-group-list enable

Regards

Mahesh
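
Added example, not part of the thread and not Cisco tooling: a Python check over saved `show running-config` text for the three settings discussed above (`tunnel-group-list enable` under `webvpn`, a unique enabled `group-alias` per tunnel-group, and one `anyconnect profiles` line per XML profile). The sample config and the names `sections` and `audit` are constructed for illustration; sub-commands are assumed to be indented under their parent line.

```python
import re
# Constructed sample: second profile line missing, alias reused, one group with no alias.
SAMPLE = """\
webvpn
 anyconnect profiles 123_client_profile disk0:/123_client_profile.xml
 tunnel-group-list enable
tunnel-group 123 webvpn-attributes
 group-alias 123 enable
tunnel-group 456 webvpn-attributes
 group-alias 123 enable
tunnel-group 789 webvpn-attributes
"""

def sections(config):
    """Map each top-level config line to the indented sub-commands under it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and '!' separators
        if not line[0].isspace():
            current = line.strip()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config, expected_profiles=()):
    """Return findings for the settings the thread says group selection needs."""
    sec, findings, owner = sections(config), [], {}
    webvpn = sec.get("webvpn", [])
    if "tunnel-group-list enable" not in webvpn:
        findings.append("webvpn: 'tunnel-group-list enable' missing")
    declared = {l.split()[2] for l in webvpn
                if re.fullmatch(r"anyconnect profiles \S+ \S+", l)}
    for name in expected_profiles:
        if name not in declared:
            findings.append(f"webvpn: profile '{name}' not declared")
    groups = {m.group(1): body for head, body in sec.items()
              if (m := re.fullmatch(r"tunnel-group (\S+) webvpn-attributes", head))}
    for group, body in groups.items():
        aliases = [l.split()[1] for l in body if re.fullmatch(r"group-alias \S+ enable", l)]
        if not aliases:
            findings.append(f"tunnel-group {group}: no enabled group-alias")
        for alias in aliases:
            if alias in owner:
                findings.append(f"tunnel-group {group}: alias '{alias}' already used by {owner[alias]}")
            owner.setdefault(alias, group)
    return findings

print("\n".join(audit(SAMPLE, ["123_client_profile", "456_client_profile"])))
```
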