01-05-2011 07:12 PM - edited 02-21-2020 05:04 PM
I am trying to remove the Start Anyconnect shortcut and any references to Start Anyconnect from the webvpn portal for a customization object I have.
I can disable it from the application section of the vpn customization which solves one issue. But after I connect with a user the default page it loads and in one of the frames has the start anyconnect. Once I select home, Web Applications, Browse Networks which I have enabled I no longer have access unless of course I logout and then log back in.
Any Assistance in removing the start anyconnect frame showing up in the webvpn interface after a user first logs in would be great.
asdm 6.3
asa5510
Thanks!
Solved! Go to Solution.
01-07-2011 02:28 AM
Hi
I'm not sure about what exaclty you want to achieve in which order, but maybe this helps: There are two methods that help distinguish and prioritize the use between 'SVC' (AnyConnect client) and 'WebVPN' (the clientless portal):
If you're familiar with the CLI, here are the commands that will help you customizing the methods to your liking (consult the command reference for your deployed OS if you should have any questions):
policy-group
vpn-tunnel-protocol {[IPSec] [l2tp-ipsec] [svc] [webvpn]}
webvpn
svc ask {none | enable [default {webvpn | svc} [timeout seconds]]}
The default for ASA OS 8.2 is:
svc ask none default webvpn
(-> Like that, no reference to SVC will be presented and SVC session will NOT be initiated through the clientless portal. Nevertheless, if you configured vpn-tunnel-protocol svc webvpn, the user will still be able to login with the AnyConnect client pre-installed locally on his machine, PARALLEL to being able to log in into the clientless portal.)
Regards
Toni
01-05-2011 09:43 PM
You could go to the group-policy and disable the SVC protocol!
01-06-2011 06:48 AM
This group of users in that policy require both the client and clientless access. So if I disable the svc protocol for that policy I assume that the ssl vpn client would stop working. I could create a seperate profile but that would add some complexity for users.
What I would like if possible would be to remove it from the customization object (or the webvpn pages).
Thanks!
01-06-2011 04:23 PM
Do it with two profiles, you can hid the complexity from the users.
Webvpn users profile can be selected by URL, if you are using the default portal just map the URL to the default profile.
If you are deploying any connect to the users, just embed the Anyconnect profile selection in the configuration profile and any connect will just connect to the profile..
From the users point of view they will not need to know about profiles.
01-07-2011 02:28 AM
Hi
I'm not sure about what exaclty you want to achieve in which order, but maybe this helps: There are two methods that help distinguish and prioritize the use between 'SVC' (AnyConnect client) and 'WebVPN' (the clientless portal):
If you're familiar with the CLI, here are the commands that will help you customizing the methods to your liking (consult the command reference for your deployed OS if you should have any questions):
policy-group
vpn-tunnel-protocol {[IPSec] [l2tp-ipsec] [svc] [webvpn]}
webvpn
svc ask {none | enable [default {webvpn | svc} [timeout seconds]]}
The default for ASA OS 8.2 is:
svc ask none default webvpn
(-> Like that, no reference to SVC will be presented and SVC session will NOT be initiated through the clientless portal. Nevertheless, if you configured vpn-tunnel-protocol svc webvpn, the user will still be able to login with the AnyConnect client pre-installed locally on his machine, PARALLEL to being able to log in into the clientless portal.)
Regards
Toni
01-07-2011 06:41 AM
I had contacted tac and spoke with a fantastic engineer. The resolution was in the Dynamic Access Policy (DAP). We changed the Access Method to "unchanged" and that removed the "Start Anyconnect" frame from showing up when you first login on the webvpn.
Thanks To All!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide