I am configuring an anyconnect solution using 2,5 client, 8.3 ASA and asdm 6.3. I have two ASA's configured in a cluster with active/standby failover.
I have a wildcard cert configured on both ASA's and each of the three IP's are resolvable from the internet.FQDN redirection is enabled.
These are the url's (sanitised)...
ac.mydomain.com (cluster virtual IP)
ac1.mydomain.com (Master/active real IP)
ac2.mydomain.com (secondary/standby real IP)
In the main, I have it the way I want it working but I am having trouble getting group-url to work for the annyconnect client. It seems to work ok for clientless connections though.
I am trying to configure the ASA so that when connecting (via a browser) to the https://ac.mydomain.com on its own, this takes you to the clientless portal where you have a minimum set of apps. So, I configured a group-url of just the url above and this works fine.
I want my annyconnect clients to connect using https://ac.mydomain.com/staff. The intention is that if you go here from a browser, you can download the client and if you go here from the client you can connect to all the resources as you are in the correct DAP. I am using endpoint assesmnet to identify corporate assets and place them into the correct DAP. This seems to be working fine if i use group aliases with drop down lists.
If I try to configure a group-url for https://ac.mydomain.com/staff, and add 'staff' to the annyconnect profile, I get an error 'connection attempt has failed due to an invalid host entry' and the bottom line of the anyconnect client reads 'Unable to process response from ac1.mydomain.com'.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :