Cisco ASA anyconnect connection profile alias

Hello, I just implemented AnyConnect with different connection profiles. It works, but I'd like users not to have the possibility of choosing connection profiles; I don't want customers, for example, to be able to see manager connection profiles (even though they can't auth with that profile). Is it possible? Do I have to, in some way I don't know, provide different AnyConnect client profiles for different users? Maybe it is just my security fixation.

 

Thanks

Accepted Solutions

Marvin Rhoads
Hall of Fame

Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.

You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).


Thanks Marvin! Now it works, pointing the AnyConnect client to vpn.mydomain.com/customers, for example. I also disabled aliases on clientless VPN profiles (and disabled tunnel-group-list), other than AnyConnect profiles, because they were also shown on the AnyConnect client logon list.

However, trying to connect with AnyConnect to vpn.mydomain.com, I have no chance to choose connection profiles, but it asked me for the same user and password... Maybe it is because of defaultRAgroup? defaultRAgroup is configured as local authentication, which I don't really like, even though it is SSL and IPsec disabled anyway.

 

You can modify your authentication method per connection profile. Default is to use the Local AAA method but you can specify any valid method.

Please rate useful answers and/or mark the question as answered when it has been.
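
The configuration this thread arrives at, written out as ASA CLI with the alias-based setup shown first for comparison. This is an added example, not configuration posted by anyone in the thread: the profile, group-policy and AAA server-group names and the /managers URL are assumptions, and only vpn.mydomain.com/customers comes from the posts above.

```cisco
! Constructed example. CUSTOMERS, MANAGERS, GP-*, AAA-* and the /managers
! URL are hypothetical names; AAA-* server groups are assumed to exist.
!
! Before: the drop-down is on and every aliased profile is listed in it.
! webvpn
!  tunnel-group-list enable
! tunnel-group CUSTOMERS webvpn-attributes
!  group-alias Customers enable
! tunnel-group MANAGERS webvpn-attributes
!  group-alias Managers enable
!
! After: no drop-down, no aliases, one group URL per profile.
webvpn
 no tunnel-group-list enable
!
! Authentication method is set per connection profile.
tunnel-group CUSTOMERS general-attributes
 authentication-server-group AAA-CUSTOMERS
 default-group-policy GP-CUSTOMERS
tunnel-group CUSTOMERS webvpn-attributes
 no group-alias Customers
 group-url https://vpn.mydomain.com/customers enable
!
tunnel-group MANAGERS general-attributes
 authentication-server-group AAA-MANAGERS
 default-group-policy GP-MANAGERS
tunnel-group MANAGERS webvpn-attributes
 no group-alias Managers
 group-url https://vpn.mydomain.com/managers enable
!
! A client that connects to the bare hostname matches no group URL and is
! handled by the default SSL profile (DefaultWEBVPNGroup). Point it at a
! group policy that allows zero sessions so a valid login there gets nothing.
group-policy GP-NOACCESS internal
group-policy GP-NOACCESS attributes
 vpn-simultaneous-logins 0
tunnel-group DefaultWEBVPNGroup general-attributes
 default-group-policy GP-NOACCESS
```

After applying it, `show running-config tunnel-group` should list a `group-url` line and no `group-alias` line for each profile. A group URL only hides the profile from the list, so each profile still needs its own authentication and group policy.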

Is there a way of ordering the aliases? At the moment it's alphabetical, and the profile now being selected by default is the new alias, as it starts with an "A" (I know, I could rename it... but I have config OCD!)
