Solved: WebVPN Tunnel-Group Aliases and URLS

csaravanan-sym · ‎02-03-2009

Hi,

I have a requirement to create a new group policy and a new tunnel-group and apply it to a webvpn user account

The web vpn is working fine without any issues when I give a new name under Group Aliases and URL

My requirement is to use the existing Group Alias for this new tunnel-group. When I enter the existing alias it says it is already used by other tunnel-group

Please help

Farrukh Haroon · ‎02-06-2009

If you use the same group-alias for two tunnel-groups, then how will the firewall distinguish between the two? Let say, as per your requirement you want to have the group-alias 'securevpn' for two tunnel-groups, TG1 and TG2. Now how will the firewall map a user landing on this alias to a group? TG1 or TG2? round-robin? :). This is not possible AFAIK.

Please rate if helpful.

Regards

Farrukh Haroon

CCIE # 20184 (Security)

View solution in original post

Farrukh Haroon · ‎02-06-2009

If you use the same group-alias for two tunnel-groups, then how will the firewall distinguish between the two? Let say, as per your requirement you want to have the group-alias 'securevpn' for two tunnel-groups, TG1 and TG2. Now how will the firewall map a user landing on this alias to a group? TG1 or TG2? round-robin? :). This is not possible AFAIK.

Please rate if helpful.

Regards

Farrukh Haroon

CCIE # 20184 (Security)

csaravanan-sym · ‎02-09-2009

Hi Farrukh,

Thanks for explaining me the concept. It helped me understand that you cannot have two tunnel-groups with the same alias

Thanks,

Chandru