12-22-2022 01:30 AM
Informational message in Cisco AnyConnect when connecting to a specific tunnel-group
Hi all!
Help please solve the problem.
In our organization, to subdue VPN clients, we use several different tunnel groups with different URLs.
We need to make an informational message when connecting through a specific URL.
I searched for information, but I just found that you can apply GUI Text and Messages, but this applies to all connections. Or you can apply the banner only to a specific group policy. But that doesn't work for us.
The bottom line is that when connecting to a certain URL through Cisco AnyConnect, a message was displayed, the user read it, clicked OK, and then entered the credentials.
Help with information please.
12-22-2022 06:59 AM
To configure a warning banner for a tunnel group you can use the "banner" command in the tunnel group config mode.
banner warning "This VPN is for authorized users only."
! Configuration for tunnel group "example_tunnel_banner"
tunnel-group mytunnelgroup type ipsec-ra
tunnel-group mytunnelgroup general-attributes
banner warning "This VPN is for authorized users only."
default-group-policy mytunnelpolicy
tunnel-group mytunnelgroup ipsec-attributes
ikev1 pre-shared-key mypre-sharedkey
ikev2 remote-authentication pre-shared-key mypre-sharedkey
ikev2 local-authentication pre-shared-key mypre-sharedkey
12-23-2022 02:40 AM
Hello
I apologize for not immediately specifying that our tunnel group has the type remote-access.
And when we go into the tunnel group configuration settings, there is simply no banner command
tunnel-group VPN-RA type remote-access
tunnel-group VPN-RA general-attributes
authentication-server-group RADIUS
default-group-policy DEFAULT-RAVPN-GR
password-management
authorization-required
tunnel-group VPN-RA webvpn-attributes
group-url https://URLxxx.xx/enable
That's all there is
ASA(config-tunnel-general)# ?
tunnel-group configuration commands:
accounting-server-group
address-pool
annotation
authenticated-session-username
authentication-attr-from-server
authentication-server-group
authorization-required
authorization-server-group
default-group-policy
dhcp-server
exit
help
ipv6-address-pool
nat-assigned-to-public-ip
no
password-management
scep-enrollment
secondary-authentication-server-group
secondary-username-from-certificate
secondary-username-from-certificate-choice
strip-group
strip-realm
username-from-certificate
username-from-certificate-choice
12-23-2022 02:53 AM
tunnel-group VPN-RA general-attributes
? <<- banner appears here under the tunnel-group general attributes
12-23-2022 03:22 AM
Hello
I managed to enter this command.
But after I pressed enter, I was thrown into configuration mode, and when checking show run, there is no banner there.
I tried to connect via AnyConnect, but no message came up. I just successfully connected.
ASA# conf t
ASA(config)# tunnel-group VPN-RA general-attributes
ASA(config-tunnel-general)# ban
ASA(config-tunnel-general)# banner ?
configure mode commands/options:
asdm Display a post login banner (ASDM only)
exec Display a banner whenever an EXEC process in initiated
login Display a banner before the username and password login prompts
motd Display a message-of-the-day banner
ASA(config-tunnel-general)# banner log
ASA(config-tunnel-general)# banner login ?
configure mode commands/options:
LINE A line of message to be displayed, it will be added to the end of an existing banner. The token $(domain) and $(hostname) will be replaced with the domain name and host name
<cr>
ASA(config-tunnel-general)# banner login HELLOW!
ASA(config)#
ASA(config)#
12-23-2022 03:37 AM - edited 12-23-2022 03:59 AM
Yes, I checked in my FW lab and see it under
group-policy x.x.x.x attributes
banner
12-23-2022 03:56 AM
Oh yes, I found it, it is located in the main ASA configuration.
It appears when I ssh into the ASA itself, but this is not what I need)
I want to have a message appear in AnyConnect
As in the screenshot. This picture is just taken from the internet.
12-23-2022 03:59 AM
Sorry, see my corrected comment.
12-23-2022 04:30 AM
Yes, thank you!
I know about the banner settings in policies. I pointed this out in the text of my main problem.
The fact is that we have several different URLs that are used by different groups of people, such as for example different companies. Each company connects with its own URL, but they use the same policies.
That's why I was interested in the question, is it possible to set up an informational message for tunnel groups, in which the URL itself is specified. Separately.
For example, COMPANY1, connects to the URL vpn.company.com/com1, an information window appears at AnyConnect, "Welcome, you are connecting to Company1. Your job description is such and such"
COMPANY2 is connected by URL vpn.company.com/com2
The message may already be different. For example, "Your organization is subject to strict quality control, do your work carefully."
These are all examples, but the bottom line is that I need to do it this way. I looked through the documentation and didn't find any options.
Is there such a possibility at all?
12-23-2022 04:32 AM
Got it, I will check and update you.
12-26-2022 08:39 AM
Good afternoon
Please tell me, if I add a banner in the group policy, can I insert a link to some resource here, for example
conf t
group-policy %PolicyName% attributes
banner login "https://mycompany.com/knowledgebase/usermanuals/docs/"
Will it work as a link?
12-27-2022 03:40 PM
For using http:// I'm not so sure, but you can try and see.
For your original post, I did some research and found that
you can add a new group-policy and then inherit its values from the other group-policy
via
group-policy MHM1 internal from MHM2
then configure a different banner under each group-policy.
Please review it and check it twice before applying it.
thanks
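The approach from the last reply, written out for the two-company case described earlier in the thread, as an added example that was not posted by any participant. The policy and tunnel-group names (GP-COM1, GP-COM2, TG-COM1, TG-COM2) are hypothetical; DEFAULT-RAVPN-GR, RADIUS, the URLs and the banner texts are taken from the posts above. AnyConnect shows a group-policy banner after authentication, not before the credential prompt.

```cisco
! Added example. GP-COM1/GP-COM2 and TG-COM1/TG-COM2 are hypothetical names.
! "internal from" initializes each new policy with the values of the
! existing policy, so only the banner has to differ.
group-policy GP-COM1 internal from DEFAULT-RAVPN-GR
group-policy GP-COM1 attributes
 banner value Welcome, you are connecting to Company1.
!
group-policy GP-COM2 internal from DEFAULT-RAVPN-GR
group-policy GP-COM2 attributes
 banner value Your organization is subject to strict quality control, do your work carefully.
!
! One tunnel group per URL, each pointing at its own group policy.
tunnel-group TG-COM1 type remote-access
tunnel-group TG-COM1 general-attributes
 authentication-server-group RADIUS
 default-group-policy GP-COM1
tunnel-group TG-COM1 webvpn-attributes
 group-url https://vpn.company.com/com1 enable
!
tunnel-group TG-COM2 type remote-access
tunnel-group TG-COM2 general-attributes
 authentication-server-group RADIUS
 default-group-policy GP-COM2
tunnel-group TG-COM2 webvpn-attributes
 group-url https://vpn.company.com/com2 enable
```

If the RADIUS server returns a group policy name in the Class attribute (25), that assignment takes precedence over default-group-policy, so the banner shown would be the one from the returned policy.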