I have configured multiple connection profiles and added group urls to put the users directly into corresponding group policies (https://exampledomain.com) and this is working fine if the requested url is an exact match, but if the user tries to connect to a content url further into the system (https://exampledomain.com/_layouts/Authentication.aspx) the ASA doesn’t match and sends the user to the DefaultWebGroup instead. Is it possible to use a wildcard in the Group URL (https://exampledomain.com/*) so no matter what the sub-content is it always uses the connection profile? If there isn't a way to do this, what are some alternative methods to accomplish this, other than to keep using the existing MS Forefront TMG Server?
Solved! Go to Solution.
We have many users that currently connect via Microsoft Forefront TMG server that is able to take the full URI and proxy the request. I was trying to provide the same level of flexibility using the ASA WebVPN. I already am using DAPs to build the WebVPN portal and provide bookmarks based on AD group membership, but the bookmarks are static also and even with the flexibility of using macros and variables still don't provide the same experience.
Ok, we need to clarify the issue.
This does not have anything to do with group-urls or group-alias... This is about internal WebVPN bookmarks.
At this point if the implementation does not work as you expected, I would recommend to contact your Account team.