So with the ipsec client, it was easy to distribute PCF files to folks based on what you wanted to access... different group name, different ACLs, different PCF. So in order to use that vpngroup's access, you had to have the PCF.
However, with WebVPN, this is not the case. Any user can pick any groupname in the drop down window, which means there's no longer a simple way to control who can use what group.
Anyone have any thoughts/suggestions on how to overcome this issue with the webVPN?