group-policy GP-eUS-WebVPN-Citrix attributes

wins-server none

dns-server value …...

vpn-access-hours none

vpn-simultaneous-logins 3

vpn-idle-timeout 30

vpn-session-timeout none

vpn-tunnel-protocol ssl-clientless

group-lock value TG-eUS-WebVPN

default-domain value cov.com

webvpn

  homepage none

  port-forward disable

  http-proxy disable

  sso-server none

  anyconnect ask none default webvpn

  customization value CO-eUS-WebVPN-Citrix

  keep-alive-ignore 40

  http-comp gzip

  user-storage none

  storage-objects value credentials,cookies

  storage-key none

  hidden-shares none

  smart-tunnel disable

  activex-relay enable

  file-entry disable

  file-browsing disable

  url-entry disable

 ---------------------------

 tunnel-group TG-eUS-WebVPN type remote-access

tunnel-group TG-eUS-WebVPN general-attributes

authentication-server-group RSAAM8x1_SDI

secondary-authentication-server-group eUS_KERBEROS use-primary-username

default-group-policy GP-eUS-WebVPN-Citrix

tunnel-group TG-eUS-WebVPN webvpn-attributes

customization CO-eUS-WebVPN-Citrix

group-alias z-webvpn enable

tunnel-group ---------type ipsec-l2l

tunnel-group ---------- ipsec-attributes

Hello,

before going any further, what release is the ASA running ? You might want to check this bug:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv83951/?referring_site=bugquickviewredir

release is 9.42

Not sure if that is going to cause a lot of trouble, but I would upgrade to one of the 100.x releases mentioned in the bug.

Thank you. I will do the upgrade

My VPN engineer sent this to me. I hope is what you are asking for