Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
972
Views
0
Helpful
2
Replies

SSL VPN not login in via other group URL

Zahan Al-Rashid
Level 1
Level 1

‎06-11-2014 04:10 AM

Hi All, 

 

I am trying configure URL for SSL VPN management access only. I have created 2 profiles, one for users and the other for management. I can select each profile from the drop down and they work fine. However if I want a different URL for one of the profiles for example:

https://SSL_VPN_USER/Management

 

It keeps taking me back to https://SSL_VPN_USER/ instead of login me in. But if I instead make the same profile as an option on the drop down of https://SSL_VPN_USER/ it works fine. 

 

Any ideas what I am doing wrong? 

 

Kind Regards

 

Zee

 

 

 

Labels:
0 Helpful
2 Replies 2

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎06-11-2014 05:55 AM

Hi Zee,

Please confirm you have enabled the group-url using following command:-
      tunnel-group <tunnel_group_name> webvpn-attributes
        group-url https://X.X.X.X/URL enable

If that is present , please share the relevant configuration from ASA including connection profile and group-policy that the user connects with.

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
0 Helpful

Zahan Al-Rashid
Level 1
Level 1
In response to Dinesh Moudgil

‎06-11-2014 07:52 AM

Hi Dinesh, 


Thanks for your response. Yes it is enabled. Just to clarify :

https://SSL_VPN_USER/ - this URL is for users

https://SSL_VPN_USER/Management - This URL is for management

 

When we access the https://SSL_VPN_USER/Management URL it takes us to the same URL as https://SSL_VPN_USER/ . BUT the GUI is different for each one. When we put in our credentials (Which uses ACS/RSA for verification) it fails and goes to the GUI login page of https://SSL_VPN_USER/ and has a message saying "login failed." even though I was at the GUI login page for https://SSL_VPN_USER/Management; so the login isn't even working. However if I put the https://SSL_VPN_USER/Management as a drop down option the login details via RSA work!

 

The details are below:

 

 

access-list inside_acl extended permit ip object NETADMIN-1 any 
access-list cap extended permit ip host 19.17.15.6 any 
access-list cap extended permit ip any any 
access-list inbound extended permit icmp any any 
access-list inside_access_in extended permit icmp any any 
access-list inside_access_in extended permit tcp object-group OtherSite-IPS object-group CISCO_sig eq www inactive 
access-list inside_access_in extended permit tcp object-group OtherSite-IPS object-group CISCO_sig eq https 
access-list inside_access_in extended permit ip object-group leg_ACCESS object Corporate-VPN-OtherSite-IPRange 
access-list inside_access_in extended permit ip object-group inside_network object Corporate-VPN-OtherSite-IPRange 
access-list inside_access_in extended permit tcp host 12.12.12.12 host 90.215.98.6 eq telnet inactive 
access-list inside_access_in extended permit tcp host 192.168.32.86 object-group blackberry_rim_servers eq 3121 inactive 
access-list inside_access_in extended permit tcp host 192.168.40.98 object-group blackberry_rim_servers eq 3121 inactive 
access-list inside_access_in extended permit ip object-group leg_ACCESS 192.168.55.224 255.255.255.248 
access-list inside_access_in extended permit ip object IM&T-Management-Range 192.168.55.224 255.255.255.248 
access-list inside_access_in extended permit ip object-group inside_network 192.168.55.224 255.255.255.248 
access-list inside_access_in extended permit ip object-group Domain_Controllers 192.168.55.224 255.255.255.248 
access-list inside_access_in extended permit ip object-group SNMP_server object-group grave_Grove_Datarange inactive 
access-list inside_access_in extended permit ip object-group SNMP_server object-group grave_Grove_WAASRange inactive 
access-list inside_access_in extended permit ip object-group leg_ACCESS object grave_Grove-Internal_120 inactive 
access-list inside_access_in extended permit ip object-group inside_network object grave_Grove-Internal_120 inactive 
access-list inside_access_in extended permit ip object-group Domain_Controllers object grave_Grove-Internal_120 inactive 
access-list inside_access_in extended permit ip object-group TheSite_SCCM object Corporate-VPN-OtherSite-IPRange 
access-list inside_access_in extended permit ip object-group TheSite_SCCM 192.168.55.128 255.255.255.224 
access-list inside_access_in extended permit ip object-group TheSite_SCCM 192.168.55.224 255.255.255.248 
access-list inside_access_in extended permit ip object-group WAAS_Traffic_internal object-group grave_Grove_WAASRange inactive 
access-list inside_access_in extended permit ip object-group Domain_Controllers object Corporate-VPN-OtherSite-IPRange 
access-list inside_access_in extended permit udp object-group SNMP_server any eq snmp 
access-list inside_access_in extended permit tcp object-group SNMP_server any eq ssh 
access-list inside_access_in extended permit ip object-group leg_ACCESS object-group rose_Cottage_Datarange inactive 
access-list inside_access_in extended permit ip object-group Domain_Controllers object-group rose_Cottage_Datarange inactive 
access-list inside_access_in extended permit ip object-group inside_network object-group rose_Cottage_Datarange inactive 
access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_7 eq ssh 
access-list inside_access_in extended permit ip object BMS_RANGE object-group DM_INLINE_NETWORK_2 
access-list inside_access_in extended permit ip object-group leg_ACCESS object Vpn-Tester-Internal 
access-list inside_access_in extended permit ip object-group Domain_Controllers object Vpn-Tester-Internal 
access-list inside_access_in extended permit ip object-group inside_network object Vpn-Tester-Internal 
access-list inside_access_in extended permit udp object-group Trust-IP-Rages-AllSites object Corporate-VPN-OtherSite-IPRange 
access-list inside_access_in extended permit ip object-group Domain_Controllers object Anyconnect-IPRange 
access-list inside_access_in extended permit ip object-group TheSite_SCCM object Anyconnect-IPRange 
access-list inside_access_in extended permit ip object-group  sophos object Anyconnect-IPRange 
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_4 object-group DM_INLINE_NETWORK_8 
access-list inside_access_in extended permit ip object-group OtherSite-VPN-Traffic object BrendaRoad-IPRange 
access-list inside_access_in extended permit ip object  SOPHOS02 object IM&T-Mgmt-Anyconnect-Range 
access-list nonat extended permit ip object-group inside_network object Corporate-VPN-OtherSite-IPRange 
access-list nonat extended permit ip object-group leg_ACCESS object Corporate-VPN-OtherSite-IPRange 
access-list nonat extended permit ip host 12.129.78.5 object Corporate-VPN-OtherSite-IPRange 
access-list nonat extended permit ip object-group TheSite_SCCM object Corporate-VPN-OtherSite-IPRange 
access-list nonat extended permit ip object-group Domain_Controllers object Corporate-VPN-OtherSite-IPRange 
access-list VPN_Sites standard permit 192.168.55.128 255.255.255.224 
access-list VPN_Sites standard permit 192.168.55.224 255.255.255.224 
access-list outside_access_in extended permit icmp any any 
access-list outside_access_in extended permit ip object PenTest_Servers-MTI any inactive 
access-list outside_access_in extended permit ip object Corporate-VPN-OtherSite-IPRange object-group inside_network 
access-list outside_access_in extended permit ip object Corporate-VPN-OtherSite-IPRange object-group leg_ACCESS 
access-list outside_access_in extended permit tcp host 90.215.98.6 host 12.12.12.12 eq telnet inactive 
access-list outside_access_in extended permit tcp host 90.215.98.6 host 90.219.231.129 eq telnet inactive 
access-list outside_access_in extended permit udp any any eq isakmp inactive 
access-list outside_access_in extended permit esp any any inactive 
access-list outside_access_in extended permit tcp object-group blackberry_rim_servers host 192.168.32.86 eq 3121 inactive 
access-list outside_access_in extended permit tcp object-group blackberry_rim_servers host 192.168.40.98 eq 3121 inactive 
access-list outside_access_in extended permit ip 192.168.55.224 255.255.255.248 object-group leg_ACCESS 
access-list outside_access_in extended permit ip 192.168.55.224 255.255.255.248 object-group Domain_Controllers 
access-list outside_access_in extended permit ip 192.168.55.224 255.255.255.248 object IM&T-Management-Range 
access-list outside_access_in extended permit ip 192.168.55.224 255.255.255.248 object-group inside_network 
access-list outside_access_in extended permit ip 192.168.55.128 255.255.255.224 object-group leg_ACCESS 
access-list outside_access_in extended permit ip 192.168.55.128 255.255.255.224 object-group Domain_Controllers 
access-list outside_access_in extended permit ip 192.168.55.128 255.255.255.224 object IM&T-Management-Range 
access-list outside_access_in extended permit ip 192.168.55.128 255.255.255.224 object-group inside_network 
access-list outside_access_in extended permit tcp object Corporate-VPN-OtherSite-IPRange object DX_Expense_website eq https 
access-list outside_access_in extended permit ip object-group grave_Grove_Datarange object-group leg_ACCESS inactive 
access-list outside_access_in extended permit ip object-group grave_Grove_Datarange object-group Domain_Controllers inactive 
access-list outside_access_in extended permit ip object-group grave_Grove_Datarange object-group inside_network inactive 
access-list outside_access_in extended permit ip object-group grave_Grove_WAASRange object-group WAAS_Traffic_internal inactive 
access-list outside_access_in extended permit ip object Corporate-VPN-OtherSite-IPRange object-group TheSite_SCCM inactive 
access-list outside_access_in extended permit ip 192.168.55.128 255.255.255.224 object-group TheSite_SCCM inactive 
access-list outside_access_in extended permit ip 192.168.55.224 255.255.255.248 object-group TheSite_SCCM inactive 
access-list outside_access_in extended permit ip object Corporate-VPN-OtherSite-IPRange object-group Domain_Controllers 
access-list outside_access_in extended permit ip object-group rose_Cottage_Datarange object-group leg_ACCESS inactive 
access-list outside_access_in extended permit ip object-group rose_Cottage_Datarange object-group Domain_Controllers inactive 
access-list outside_access_in extended permit ip object-group rose_Cottage_Datarange object-group inside_network inactive 
access-list outside_access_in extended permit tcp 192.168.55.224 255.255.255.248 object DX_Expense_website eq https 
access-list outside_access_in extended permit tcp 192.168.55.128 255.255.255.224 object DX_Expense_website eq https 
access-list outside_access_in extended permit tcp object-group grave_Grove_Datarange object DX_Expense_website eq https inactive 
access-list outside_access_in extended permit tcp object-group rose_Cottage_Datarange object DX_Expense_website eq https inactive 
access-list outside_access_in extended permit ip object rose_Cottage_BMS-Net object s-BMS-Server_01 inactive 
access-list outside_access_in extended permit ip object Anyconnect-IPRange object-group Domain_Controllers 
access-list outside_access_in extended permit ip object Anyconnect-IPRange object-group inside_network 
access-list outside_access_in extended permit udp object Anyconnect-IPRange object-group Trust-IP-Rages-AllSites 
access-list outside_access_in extended permit ip object rose_Cottage_BMS-Net object-group s-BMS-Router_ALL inactive 
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_1 
access-list outside_access_in extended permit ip object BrendaRoad-IPRange object-group OtherSite-VPN-Traffic 
access-list outside_access_in extended permit ip object RossiterRoad-IPRange object-group OtherSite-VPN-Traffic 
access-list outside_access_in extended permit ip object IM&T-Mgmt-Anyconnect-Range object s-Server-Mgmt-Range 
access-list outside_access_in extended permit ip object IM&T-Mgmt-Anyconnect-Range object-group inside_network 
access-list outside_access_in extended permit ip object IM&T-Mgmt-Anyconnect-Range object-group Trust-IP-Rages-AllSites 
access-list outside_access_in extended permit ip object IM&T-Mgmt-Anyconnect-Range object IM&T-Management-Range 
access-list grave-Grove-net extended permit ip object-group grave_VPN_Traffic object-group grave_Grove_Datarange inactive 
access-list grave-Grove-net extended permit ip object-group WAAS_Traffic_internal object-group grave_Grove_WAASRange inactive 
access-list rose-Cottage-net extended permit ip object-group roseCot_VPN_Traffic object-group rose_Cottage_Datarange inactive 
access-list rose-Cottage-net extended permit ip object s-BMS-Server_01 object rose_Cottage_BMS-Net inactive 
access-list rose-Cottage-net extended permit ip object-group s-BMS-Router_ALL object rose_Cottage_BMS-Net inactive 
access-list Redwood-Net extended permit ip object-group DM_INLINE_NETWORK_6 object Redwood_BMS 
access-list Tester_VPN-net extended permit ip object-group Tester_VPN_Traffic object Vpn-Tester-Internal 
access-list Corporate-IPSEC-VPN-Access extended permit ip object Corporate-VPN-OtherSite-IPRange object-group inside_network 
access-list Corporate-IPSEC-VPN-Access extended permit udp object Corporate-VPN-OtherSite-IPRange object-group Trust-IP-Rages-AllSites 
access-list Anyconnect_access_in extended permit udp object Anyconnect-IPRange object-group Trust-IP-Rages-AllSites 
access-list Anyconnect_access_in extended permit ip object Anyconnect-IPRange object-group inside_network 

access-list IM&T_Anyconnct_access extended permit ip object IM&T-Mgmt-Anyconnect-Range object-group Third_Line-Network inactive 
access-list IM&T_Anyconnct_access extended permit ip object IM&T-Mgmt-Anyconnect-Range object IM&T-Management-Range 
access-list IM&T_Anyconnct_access extended permit ip object IM&T-Mgmt-Anyconnect-Range object-group inside_network 
access-list IM&T_Anyconnct_access extended permit ip object IM&T-Mgmt-Anyconnect-Range object s-Server-Mgmt-Range 
access-list IM&T_Anyconnct_access extended permit ip object IM&T-Mgmt-Anyconnect-Range object-group Trust-IP-Rages-AllSites 

logging monitor warnings
logging buffered informational
logging trap informational
logging history warnings
logging asdm informational
logging mail mobile-users
logging from-address mobileusers@TheSite-tr.aid
logging recipient-address networkadmin@TheSite-tr.aid level informational
logging device-id hostname
logging host inside  ncm01
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool CorporateNet 12.214.64.1-12.214.64.250 mask 255.255.255.0
ip local pool Anyconnect-User-pool 12.147.149.1-12.147.149.125 mask 255.255.255.128
ip local pool IM&T-Mgmt-Anyconnect-pool 12.199.52.33-12.199.52.62 mask 255.255.255.224
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo-reply outside
asdm image disk0:/asdm-715-120.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source dynamic Net_Admin_PC Net_Admin-PAT destination static TheSite_VPN-External TheSite_VPN-External
nat (inside,outside) source static any any destination static NETWORK_OBJ_12.214.64.0_24 NETWORK_OBJ_12.214.64.0_24 no-proxy-arp route-lookup inactive
nat (inside,outside) source dynamic OtherSite-IPS outside_PAT destination static CISCO_sig CISCO_sig
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
!
route-map anyconnect permit 12
 match ip address ippool
!
route-map VPN_Sites_backup permit 12
 match ip address VPN_Sites
!
!
router ospf 1 
 network 172.16.11.128 255.255.255.128 area 30
 log-adj-changes
 redistribute connected subnets
 redistribute static subnets route-map anyconnect
!
route outside 0.0.0.0 0.0.0.0 90.219.231.97 1
route management 192.168.34.1 255.255.255.255 192.168.215.203 1
route outside 192.168.36.64 255.255.255.240 90.219.231.97 1
route outside 192.168.55.224 255.255.255.248 90.219.231.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:12:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:12:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server acs-server protocol tacacs+

aaa-server acs-server (inside) host sacs01
 key *****
aaa-server RSA protocol radius
aaa-server rsa protocol radius
aaa-server rsa (inside) host rsa02-v
 key *****
 authentication-port 1812
 accounting-port 1813

aaa-server rsa (inside) host OtherSitersa01-v
 key *****
 authentication-port 1812
 accounting-port 1813
user-identity default-domain LOCAL
aaa authentication http console acs-server LOCAL
aaa authentication ssh console acs-server LOCAL
http server enable
http 192.168.34.0 255.255.255.0 management
http 192.168.34.0 255.255.255.0 inside
snmp-server group GrpNETADMIN v3 priv 
snmp-server user netadmin GrpNETADMIN v3 encrypted auth md5 1b:17:a2:e4:32:b5:b4:gf:e4:ae:8a:e0:f0:8d:af:8a priv aes 128 1a:17:a2:e4:32:d5:b4:bf:e4:ee:8a:e0:e0:8d:4f:8a 
snmp-server host inside  ncm01 version 3 netadmin
snmp-server location OtherSiteworth Hospital (ID:14053))
snmp-server contact TheSite-NetAdmin
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
no sysopt connection permit-vpn
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5

crypto ipsec security-association lifetime seconds 3600
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto map outside_map 200 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 200 set ikev2 ipsec-proposal AES256
crypto map outside_map 212 match address kingston-AnE-net
crypto map outside_map 212 set peer 81.133.221.196 
crypto map outside_map 212 set ikev1 transform-set esp-aes-256 esp-aes
crypto map outside_map 212 set security-association lifetime seconds 28800
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP


crypto ca trustpoint _SmartCallHome_ServerCA
 crl configure
crypto ca trustpoint  DC02-Root
 enrollment terminal
 crl configure
crypto ca trustpoint ASDM_TrustPoint0
 enrollment terminal
 fqdn SSL_VPN_USER
 subject-name CN=SSL_VPN_USER,OU=IMT Department,O=TheSite,C=GB,St=London,L=clapman
 ip-address 90.219.231.99
 keypair Management
 crl configure
crypto isakmp identity address 

 authentication pre-share
 encryption des
 hash md5
 group 1
 lifetime 86400
crypto ikev1 policy 5
 authentication pre-share
 encryption aes
 hash md5
 group 5      
 lifetime 86400

telnet timeout 60
ssh 192.168.34.0 255.255.255.0 inside
ssh 192.168.34.0 255.255.255.0 management
ssh  ncm01 255.255.255.255 management
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 15
management-access management
dhcpd address 192.168.215.1-192.168.215.240 management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 12.120.1.252
ssl server-version tlsv1-only
ssl client-version tlsv1-only
ssl encryption rc4-sha1 aes256-sha1
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-3.1.05152-k9.zip 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.1.04074-k9.pkg 2
 anyconnect profiles IM&T-Anyconnect disk0:/im&t-anyconnect.xml
 anyconnect profiles TheSite-Anyconnect_client_profile disk0:/TheSite-Anyconnect_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 l2tp-ipsec 
group-policy IKEv2GrpPolicy internal
group-policy IKEv2GrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2 
group-policy IM&T-Anyconnect-Policy internal
group-policy IM&T-Anyconnect-Policy attributes
 wins-server value 12.199.52.212 192.168.32.12
 dns-server value 12.199.52.212 192.168.32.12
 vpn-simultaneous-logins 1
 vpn-filter value IM&T_Anyconnct_access
 vpn-tunnel-protocol ssl-client 
 default-domain value xTheSite-tr.aid
 address-pools value IM&T-Mgmt-Anyconnect-pool
 webvpn
  anyconnect ssl dtls enable
  anyconnect dtls compression lzs
  anyconnect profiles value IM&T-Anyconnect type user
  anyconnect ask none default webvpn
  customization value IM&T-Anyconnect-Portal
group-policy GroupPolicy_TheSite-Anyconnect internal
group-policy GroupPolicy_TheSite-Anyconnect attributes
 wins-server none
 dns-server value 12.199.52.212 192.168.32.12
 vpn-simultaneous-logins 1
 vpn-filter value Anyconnect_access_in
 vpn-tunnel-protocol ssl-client 
 default-domain value xTheSite-tr.aid
 address-pools value Anyconnect-User-pool
 webvpn
  anyconnect ssl dtls enable
  anyconnect dtls compression lzs
  anyconnect profiles value TheSite-Anyconnect_client_profile type user
  anyconnect ask none default webvpn
  customization value Anyconnect-Portal
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-tunnel-protocol ikev1 
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol ikev1 
group-policy netadmin internal
group-policy netadmin attributes
 dns-server value 192.168.32.12
 vpn-tunnel-protocol l2tp-ipsec 
 default-domain value xTheSite-tr.aid
group-policy Corporate_Business internal
 wins-server value 192.168.34.12
 dns-server value 12.19.2.12 192.168.34.11
 vpn-simultaneous-logins 1
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-filter value Corporate-IPSEC-VPN-Access
 vpn-tunnel-protocol ikev1 l2tp-ipsec 
 address-pools value CorporateNet
 smartcard-removal-disconnect disable
username TheSite password asbkjsabfjk encrypted
username cisco password ajksdfkjhsf encrypted privilege 0
username cisco attributes
 vpn-group-policy netadmin
tunnel-group Corporate_Business type remote-access
tunnel-group Corporate_Business general-attributes
 address-pool CorporateNet
 authentication-server-group rsa
 default-group-policy Corporate_Business
 username-from-certificate use-entire-name
tunnel-group Corporate_Business ipsec-attributes
 ikev1 pre-shared-key *****

tunnel-group IM&T-Anyconnect type remote-access
tunnel-group IM&T-Anyconnect general-attributes
 address-pool IM&T-Mgmt-Anyconnect-pool
 authentication-server-group rsa
 authentication-server-group (inside) rsa
 default-group-policy IM&T-Anyconnect-Policy
tunnel-group IM&T-Anyconnect webvpn-attributes
 customization IM&T-Anyconnect-Portal
 proxy-auth sdi
 group-alias IM&T disable
 group-url https://SSL_VPN_USER/IMT enable
 dns-group DNS-Servers


tunnel-group TheSite-Anyconnect type remote-access
tunnel-group TheSite-Anyconnect general-attributes
 address-pool Anyconnect-User-pool
 authentication-server-group rsa
 default-group-policy GroupPolicy_TheSite-Anyconnect
tunnel-group TheSite-Anyconnect webvpn-attributes
 customization Anyconnect-Portal
 group-alias TheSite-Anyconnect enable
 dns-group DNS-Servers

 

0 Helpful
Customers Also Viewed These Support Documents