Cisco Support Community

ASA: webvpn: group-url command

Hello,

I am not sure how the group-url command works. From the command reference:

"Specifying a group URL or IP address eliminates the need for the user to select a group at login. When a user logs in, the adaptive security appliance looks for the user's incoming URL/address in the tunnel-group-policy table"

When I type:

ASA-1(config-tunnel-webvpn)# group-url https://100.60.10.100/ssl enable

What does the ASA do? Compare the source_ip of the client with this IP and the HTTP request to check if there is "ssl" in the URL, and only if both match this configuration bind this user to this tunnel group?

What if I type:

ASA-1(config-tunnel-webvpn)# group-url https://www.cisco.com/ssl enable

What does the ASA check exactly for this command?

Thanks

Accepted Solutions

Group-url is another way to give users the right tunnel-group and group-policy. It is also configured under the webvpn params of the tunnel group. You should specify a URL for each tunnel-group.

When the WebVPN request comes to the ASA through the WebVPN-enabled interface and the URL matches any one of the configured group-urls in the tunnel-group, then that tunnel group is used for the WebVPN.

It can be done both ways: mention either the IP address or the FQDN.

Thanks

Ajay
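
The mapping described in the answer above, as an added configuration sketch that is not part of the original thread: two tunnel groups, each selected by the URL the user requests on the ASA's WebVPN-enabled interface. The group and policy names, the interface name `outside`, the `/contractors` path and `vpn.example.com` are assumptions, and 100.60.10.100 is assumed to be the ASA's own interface address.

```text
! Constructed example. Names, the interface and vpn.example.com are placeholders.
webvpn
 enable outside
!
group-policy GP-EMPLOYEES internal
group-policy GP-CONTRACTORS internal
!
! Requests for .../ssl (by IP address or by FQDN) are bound to EMPLOYEES.
tunnel-group EMPLOYEES type remote-access
tunnel-group EMPLOYEES general-attributes
 default-group-policy GP-EMPLOYEES
tunnel-group EMPLOYEES webvpn-attributes
 group-url https://100.60.10.100/ssl enable
 group-url https://vpn.example.com/ssl enable
!
! Requests for .../contractors are bound to CONTRACTORS and its policy.
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS general-attributes
 default-group-policy GP-CONTRACTORS
tunnel-group CONTRACTORS webvpn-attributes
 group-url https://100.60.10.100/contractors enable
 group-url https://vpn.example.com/contractors enable
```

Because the requested URL alone selects the tunnel group, keep the authentication and authorization settings on each group strict enough that reaching a different group's URL does not grant that group's access.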
