05-12-2014 11:31 AM - edited 02-21-2020 07:38 PM
HI all,
how do I hide from the dropdown menu profiles that do not interest me?
in see always all tunnel group configurate on asa.
in path of cisco anyconnect client, i have preferences.xml.
thanks in advance for your help
regards
Solved! Go to Solution.
05-12-2014 12:26 PM
If the group aliases are setup on the ASA, any user going to the outside interface to log into the VPN will see the list.
The ASA administrator can optionally publish a URL shortcut using the "group-url" attribute when configuring the SSL VPN. Here's a link to the configuration guide section for doing that. with that in place, one can browse (or point AnyConnect) straight to that URL and skip having to select from the dropdown list.
05-12-2014 12:26 PM
If the group aliases are setup on the ASA, any user going to the outside interface to log into the VPN will see the list.
The ASA administrator can optionally publish a URL shortcut using the "group-url" attribute when configuring the SSL VPN. Here's a link to the configuration guide section for doing that. with that in place, one can browse (or point AnyConnect) straight to that URL and skip having to select from the dropdown list.
05-12-2014 12:55 PM
Hi Marvin
thanks for your reply.
toomorow test this solution in my office.
But i'm using anyconnect whit "ipsec" to replace vpn client.
in my company the user usualy connect at right group in the pcf files, but i have plus 50 groups and the dropdown menu may be confused.
is there another way to inhibit the users select in dropdown menu the groups selection?
05-12-2014 02:58 PM
Marziano,
Yes, it is completely possible to opt not to publish any (or only a subset) or the group aliases (which point to tunnel-groups aka connection profiles) in the ASAs VPN home page. I originally answered not knowing if you were asking as an end user or as an administrator.
The admin has many options available to customize the user experience. In addition to deciding whether or not to publish the aliases in the dropdown, or whether or not to enable group-urls, the admin can also direct users (or groups of users) if you are using either local or RADIUS external authentication to certain connection profiles.
Those are all covered elsewhere in the configuration guide I linked above and in various published sources here at cisco.com and elsewhere.
05-13-2014 05:11 AM
hi Marvin, johnlloyd
i solved in this way.
from asa i disabled tunnel-group-list enable under webvpn config.
I created 1 group-policy and 1 gorup-url for any tunnel group
by broser i type https://x.x.x.x/name_group (only internet explorer)
while from anyconnect client, on popup i type x.x.x.x/name_group
in both cases the connection are succesfully.
thank you for your suggest
best regards
05-13-2014 05:12 AM
You're welcome, marziano77.
Please mark your question as answered and rate any helpful replies.
Best regards.
02-08-2015 07:38 PM
Hi Marvin,
Good day!
Sorry for taking this topic up again since it has a relative situation in my implementation right now.
I also want to filter out the drop-down list in the Cisco Anyconnect profiles however, I am using Cisco ISE 1.2, how can I do it?
Can I filter out per Group Policy of the ASA? For example, all Group A can only see Group A tunnel group in their Cisco Anyconnect drop-down list of profiles.
Thank you very much for the help!
cheers,
niks
02-09-2015 05:48 AM
If you publish the alias in the dropdown it will be visible for all users. You can restrict who can use it (and enforce that in the configuration) but you cannot make it not appear for those users.
That's the case whether or not you use ISE - either as your simple AAA server or doing COA with ISE And the latest ASA software.
05-12-2014 07:41 PM
hi,
i have a different approach to your situation. (marvin, you could correct me here).
you could edit the group policy and bind/lock it to the respective connection profile (tunnel-group).
you can do so by unchecking the "Inherit" under "Connection Profile (Tunnel Group) Lock." see attached.
05-13-2014 04:32 AM
That's certainly another option, John.
As I noted "The admin has many options available to customize the user experience." :)
05-13-2014 05:19 AM
john
your suggest lock only the user to tunnel-group but i see ever all tunnel-group in the dropbox menu of cisco anyconnect client.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide