Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ASA anyconnect connection profile alias

Hello, just implemented anyconnect with different connection profiles. It works but I'd like users couldn't have the possibility to choose connection profiles, don't want customers for example can see manager connection profiles (even though they can't auth with that profile). Is it possible ? do I have to, in some way I don't know, provide different anyconnect client profiles for different users ? maybe it is just my security fixation.

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Just don't create connection

Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.

You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).

4 REPLIES
Hall of Fame Super Silver

Just don't create connection

Just don't create connection alias names for the ones you want to hide. You can instead use group URLs for them and just navigate to them directly. That will land you (the manager) on the desired profile without having to (or being able to) choose it from the drop down list.

You set those up in the AnyConnect connection profile (under Advanced Group Alias / Group URL).

New Member

Thanks,I also disabled

Thanks Marvin! now it works targeting on anyconnect client to vpn.mydomain.com/customers for example. I also disabled aliases on clientless vpn profiles (and disabled tunnel-group-list), other then anyconnect profiles, because they were also shown on anyconnect client logon list.

However trying to connect with anyconnet to vpn.mydomain.com I have no chance to choose connection profiles but it asked me the same user and password .. maybe it is because of defaultRAgroup? defaultRAgroup is configured as local authentication, which I don't really like, even though it is ssl and ipsec disabled anyway.

 

Hall of Fame Super Silver

You can modify your

You can modify your authentication method per connection profile. Default is to use the Local AAA method but your can specify any valid method.

Please rate useful answers and/or mark the question as answered when it has been.

New Member

Re: Just don't create connection

Is there a way of ordering the alias'  At the moment its alphabetical and the profile now being selected by default is the new alias as its starts with an "A" (I know, I could rename it.. but I have config OCD!) 

808
Views
0
Helpful
4
Replies
CreatePlease to create content