Most users will be locked to a specific group which does not allow AnyConnect. Certain users will be allowed to use either the portal-only or anyconnect group. However, the anyconnect group must not allow use on machines which are not joined to our domain. Setting up Secure Desktop to limit this works, but the select users who should have the choice between groups always end up in the dynamic access policy which requires the endpoint attribute for our domain. This happens even though the RADIUS attribute sent by their Active Directory group is matched in either dynamic access policy. How can these select users be given the option to use the portal-only profile simply by group choice on the login page?
SSL VPN users (both AnyConnect/SVC and Clientless) can choose which tunnel group [Connection Profile in Adaptive Security Device Manager (ASDM)] to access using these different methods:
2)group-alias (tunnel group drop-down list on login page)
3)certificate-maps, if using certificates
We can configure the Adaptive Security Appliance (ASA) to allow users to select a group via a drop-down menu when they login to the WebVPN service. The groups that appear in the menu are either aliases or URLs of real connection profiles (tunnel groups) configured on the ASA.
Thank you for the reply. I forgot that in our current setup, users are getting mapped to groups based on the value we pass via radius class 25. So, therefore they will never be able to choose a different group using the drop-down?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...