cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5287
Views
0
Helpful
2
Replies

How to Disable or Hide a Group from Group Selection

Matthew Martin
Level 5
Level 5

Hello All,

 

ASA5525 - v9.4(1)

 

We are using Cisco ISE for VPN authentication of users, with appropriate group policies/profiles, etc... I had a need to create a Local user, group and connection policy while doing some maintenance on the ISE Server in case the ASA couldn't reach ISE to authenticate my user. So I could use this local user in case I ran into issues during the ISE maintenance.

 

Now that I'm done with the maintenance, I was hoping I could keep this group policy and connection profile and simply hide and disable it until I needed it again...

 

I thought if I unchecked the "SSL Enabled" checkbox next to the Connection Profile, that would prevent it from showing in the AnyConnect drop-down box for the Group Selection. But, the Group policy still displays even though it's not usable since the "SSL Enabled" option was disabled...

 

Any thoughts or suggestions would be greatly appreciated!

 

Thanks in Advance,

Matt

1 Accepted Solution

Accepted Solutions

Hey, thanks for the reply.

The problem is we still want to allow users to select a Group when connecting to the VPN. I just wanted to make it so that when you clicked the drop-down box to select a Group, that "maintenance" group wasn't an option to select it.

Hummm........ I think I just figured it out. I was on the ASDM looking at connection profiles and there was 2 other profiles in there that I know for sure don't display in the AnyConnect drop-down box. And I noticed neither had an Alias configured for them. SO I removed the Alias from the maintenance profile and tried to connect to the VPN again with AnyConnect and the profile was no longer displayed!! So it looks like that did it.

Thanks,
Matt

View solution in original post

2 Replies 2

Hi,

To remove the drop down box  to select a profile - Untick Allow user to select connection profile on the login page" from the AnyConnect Connection Profiles section. Under your maintenance connection profile > Advanced > Group Alias > define a Group URL.

 

On you AnyConnect client you should then be able to connect to that group url directly and it will connect you to that tunnel group.

 

HTH

Hey, thanks for the reply.

The problem is we still want to allow users to select a Group when connecting to the VPN. I just wanted to make it so that when you clicked the drop-down box to select a Group, that "maintenance" group wasn't an option to select it.

Hummm........ I think I just figured it out. I was on the ASDM looking at connection profiles and there was 2 other profiles in there that I know for sure don't display in the AnyConnect drop-down box. And I noticed neither had an Alias configured for them. SO I removed the Alias from the maintenance profile and tried to connect to the VPN again with AnyConnect and the profile was no longer displayed!! So it looks like that did it.

Thanks,
Matt
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: