
New Member

Hide tunnel-group in anyconnect client

Hi all,

How do I hide from the dropdown menu the profiles that do not interest me?

I always see all the tunnel groups configured on the ASA.

In the path of the Cisco AnyConnect client, I have preferences.xml.

Thanks in advance for your help.

Regards


Accepted Solutions
Hall of Fame Super Silver

If the group aliases are set up on the ASA, any user going to the outside interface to log into the VPN will see the list.

The ASA administrator can optionally publish a URL shortcut using the "group-url" attribute when configuring the SSL VPN. Here's a link to the configuration guide section for doing that. With that in place, one can browse (or point AnyConnect) straight to that URL and skip having to select from the dropdown list.

New Member

Hi Marvin,

Thanks for your reply.

Tomorrow I will test this solution in my office.

But I'm using AnyConnect with "ipsec" to replace the VPN client.

In my company the users usually connect to the right group in the pcf files, but I have over 50 groups and the dropdown menu may be confusing.

Is there another way to prevent the users from selecting groups in the dropdown menu?

Hall of Fame Super Silver

Marziano,

Yes, it is completely possible to opt not to publish any (or only a subset) of the group aliases (which point to tunnel-groups aka connection profiles) in the ASA's VPN home page. I originally answered not knowing if you were asking as an end user or as an administrator.

The admin has many options available to customize the user experience. In addition to deciding whether or not to publish the aliases in the dropdown, or whether or not to enable group-urls, the admin can also direct users (or groups of users) if you are using either local or RADIUS external authentication to certain connection profiles.

Those are all covered elsewhere in the configuration guide I linked above and in various published sources here at cisco.com and elsewhere.

New Member

Hi Marvin, johnlloyd,

I solved it this way.

On the ASA I disabled tunnel-group-list enable under the webvpn config.

I created 1 group-policy and 1 group-url for any tunnel group.

In the browser I type https://x.x.x.x/name_group (only Internet Explorer),

while from the AnyConnect client, in the popup I type x.x.x.x/name_group

In both cases the connection is successful.

Thank you for your suggestion.

Best regards

Hall of Fame Super Silver

You're welcome, marziano77.

Please mark your question as answered and rate any helpful replies.

Best regards.

New Member

Hi Marvin,

Good day!

Sorry for taking this topic up again, since I have a related situation in my implementation right now.

I also want to filter the drop-down list of Cisco AnyConnect profiles; however, I am using Cisco ISE 1.2. How can I do it?

Can I filter per Group Policy of the ASA? For example, all of Group A can only see the Group A tunnel group in their Cisco AnyConnect drop-down list of profiles.

Thank you very much for the help!

Cheers,

niks

Hall of Fame Super Silver

If you publish the alias in the dropdown it will be visible for all users. You can restrict who can use it (and enforce that in the configuration) but you cannot make it not appear for those users.

That's the case whether or not you use ISE - either as your simple AAA server or doing COA with ISE and the latest ASA software.

Hi,

I have a different approach to your situation. (Marvin, you could correct me here.)

You could edit the group policy and bind/lock it to the respective connection profile (tunnel-group).

You can do so by unchecking the "Inherit" under "Connection Profile (Tunnel Group) Lock." See attached.

Hall of Fame Super Silver

That's certainly another option, John.

As I noted "The admin has many options available to customize the user experience." :)
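
The three controls discussed in the replies above (the tunnel-group-list dropdown, group-url, and the group-policy tunnel-group lock) can be checked offline against a saved configuration. The Python check below is an added example, not part of the original thread and not a Cisco tool; the config excerpt, the names SALES, ENG, GP_SALES, GP_ENG and the address 192.0.2.1 are constructed, and it assumes the lock appears in the CLI as "group-lock value <tunnel-group>".

```python
import re
# Constructed, simplified ASA running-config excerpt (names and address are made up).
SAMPLE_CONFIG = """\
webvpn
 tunnel-group-list enable
group-policy GP_SALES attributes
 group-lock value SALES
group-policy GP_ENG attributes
 vpn-tunnel-protocol ssl-client
tunnel-group SALES webvpn-attributes
 group-alias Sales enable
 group-url https://192.0.2.1/sales enable
tunnel-group ENG webvpn-attributes
 group-url https://192.0.2.1/eng enable
"""

def sections(config):
    """Map each top-level config line to the indented sub-commands beneath it."""
    out, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if line[0] != " ":
            current = line.strip()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(config):
    """Report what the login dropdown exposes and which group-policies are locked."""
    secs = sections(config)
    listed = "tunnel-group-list enable" in secs.get("webvpn", [])
    report = {"dropdown_enabled": listed, "visible_aliases": [],
              "group_urls": {}, "group_locks": {}, "unlocked_policies": []}
    for header, body in secs.items():
        tg = re.fullmatch(r"tunnel-group (\S+) webvpn-attributes", header)
        gp = re.fullmatch(r"group-policy (\S+) attributes", header)
        for cmd in (body if tg else []):
            alias = re.fullmatch(r"group-alias (\S+) enable", cmd)
            url = re.fullmatch(r"group-url (\S+) enable", cmd)
            if alias and listed:  # aliases are shown only when the list is enabled
                report["visible_aliases"].append(alias.group(1))
            if url:
                report["group_urls"][tg.group(1)] = url.group(1)
        if gp:
            lock = next((c.split()[-1] for c in body if c.startswith("group-lock value ")), None)
            if lock:
                report["group_locks"][gp.group(1)] = lock
            else:
                report["unlocked_policies"].append(gp.group(1))
    return report
```

Calling audit(SAMPLE_CONFIG) lists the alias every visitor would see in the dropdown and flags GP_ENG as a group-policy with no tunnel-group lock, so its users are not restricted to one connection profile.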

 
