Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

AnyConnect Secure Mobility Client - using incorrect profile

Hello,

I am working on a test configuration on an ASA 5545 with a single configured Connection Profile "VPN" (and the two default DefaultRAGroup and DefaultWEBVPNGroup)

"VPN" Connection Profile is the only one enabled for SSL.  The other two are not enabled.

"VPN" uses RSA, so the authentication dialog says "Passcode" instead of "Password".

If I set "Allow user to select connection profile on the login page", the correct Connection Profile is displayed in the list an there is no alternative in the list.  When I select Connect I am prompted for Username and Passcode as expected.  This works.

If I do not set "Allow user to select connection profile on the login page" the client does not display a list.  This is our desired config.  When you select Connect, you are prompted for Username and Password, not Passcode.  Authentication fails with password and passcode. 

So even though I only have one Connection Profile, it doesn't appear to use it unless I display it in the client.

The behavior is the same with the client or going to the web page.

Any idea how I can force "VPN" Connection Profile as the default and not display it to the end-users?

Thanks!

-------------------------------------------------------------------------------------------------------------------------------------------------------

Not sure if this helps, but a debug just logs the same thing repeatedly when it is failing:

WebVPN: unable to find webvpn session.
webvpn_session.c:http_webvpn_find_session[175]
WebVPN: unable to find webvpn session.
webvpn_file_encoding.c:webvpn_get_file_encoding_db_first[68]
webvpn_db.c:webvpn_get_server_db_first[161]

 

1 REPLY
Community Member

Found that I was just missing

Found that I was just missing a "Group URL".

Under AnyConnect Connection Profiles - Edit "VPN" profile - Advanced - Group Alias/Group URL - added a URL corresponding with the Alias and my FQDN and enabled it.

Look like CLI is simply "group-url https://<enter your FQDN here> enable"

 

412
Views
0
Helpful
1
Replies
CreatePlease to create content