03-15-2018 11:10 AM - edited 02-21-2020 10:48 AM
Hello All,
ASA5525 - v9.4(1)
We are using Cisco ISE for VPN authentication of users, with appropriate group policies/profiles, etc... I had a need to create a Local user, group and connection policy while doing some maintenance on the ISE Server in case the ASA couldn't reach ISE to authenticate my user. So I could use this local user in case I ran into issues during the ISE maintenance.
Now that I'm done with the maintenance, I was hoping I could keep this group policy and connection profile and simply hide and disable it until I needed it again...
I thought if I unchecked the "SSL Enabled" checkbox next to the Connection Profile, that would prevent it from showing in the AnyConnect drop-down box for the Group Selection. But, the Group policy still displays even though it's not usable since the "SSL Enabled" option was disabled...
Any thoughts or suggestions would be greatly appreciated!
Thanks in Advance,
Matt
Solved! Go to Solution.
03-15-2018 12:30 PM
03-15-2018 12:17 PM
Hi,
To remove the drop down box to select a profile - Untick Allow user to select connection profile on the login page" from the AnyConnect Connection Profiles section. Under your maintenance connection profile > Advanced > Group Alias > define a Group URL.
On you AnyConnect client you should then be able to connect to that group url directly and it will connect you to that tunnel group.
HTH
03-15-2018 12:30 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: