Re: One ASA with two Outside Interfaces for SSL VPN - Page 2

cisco_jr · ‎02-01-2023

I have a requirment for implmenting SSL VPN for two diffrent profiles using two diffrent outside interfaces on the same ASA.

Example:

Anyconnect Profile 1 = windows

Anyconnect Profile 2 = mac

I have two outside interfaces with internet access

Outside == 1.1.1.1 = attach Profile 1

Outside2 == 2.2.2.2 = attach Profile 2

For Example, when a user initiate a connection to

winvpn.example.com = the user will connect the windows profile, which will be attched to the outside interface

macvpn.example.com = the user will connect the mac profile, which will be attched to the outside2 interface

I know there is an easy way to do this with "A" DNS records, but that option is not avilable with Frontend DNS loadbalcer we are using, which requires cname forwarding.

I will greately appreciate for any insights/inputs.

We are using Azure Traffic Manager

cisco_jr · ‎02-01-2023

So, this might work for me, but one issue i noticed is that, on the Anyconnect side, the SAML SSO authentication process is too fast for me to pick the correct group-alias from the pull down list before it automatically authenticate and connect to the first group-alias in the list. It's fast, maybe 3 second or so. Anything i can do about this?

cisco_jr · ‎02-02-2023

Any feedback on how to increase the time for the group selection banner, so i have more than 3 seconds to select the apropriate alias. Right now, it automatically selects the first alias in the list and auto connects. No time to select a diffrent alias from the pull down option.

Any hint or suggestion how i can make this work?