RE: WEBVPN Default group vs new group

Only difference I can think of for using default vs. custom profile would be to remove the dropdown menu on the SSL login screen (since the default will be chosen automatically if you don't have "tunnel-group-list enable" in your webvpn config). Custom Tunnel Group profiles would require you to force users to select their correct Tunnel Group during login.

Hope this helps!

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IPS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office: (317) 348-0099
Fax: (317) 849-7134
arohyans_at_dpsciences.com
http://www.dpsciences.com/

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Ryan West
Sent: Saturday, May 02, 2009 3:56 PM
To: Darby Weaver
Cc: Sadiq Yakasai; Cisco certification; Cisco certification
Subject: Re: WEBVPN Default group vs new group

TAC was helpful with phone proxy when we configured it. It is a PIA
though, have fun.

Sent from handheld.

On May 2, 2009, at 1:52 PM, "Darby Weaver" <ccie.weaver_at_gmail.com>
wrote:

> Cannot think of any negatives to creating your own WEBVPN profiles.
> Have
> not thought of it as far as the lab itself goes.
>
> I've been working on a project to move over my webvpn config from
> one ASA to
> another and on the larger ASA's there are a few different profiles
> from a
> few different VPN types.
>
> No biggie, it is really a matter of keeping all the components
> straight and
> remembering not to make typos.
>
> Even the ASA Phone Proxy does not look too frightening and I have to
> add
> that soon after I test in on the 5510 and ensure it works as promised.
>
> FYI - I was told by TAC that they do not formally support ASA Phone
> Proxy.
> So I guess ?I get to be a pioneer if there are any issues.
>
> I do not expect any it looks easy enough.
>
> As far as SSL-VPNs:
>
> 1. Licensing if you need beyond 2.
> 2. Keep track of your components
> 3. I don't see any issues with using a custom profile.
> 4. Lab Day - Try to do whatever is asked.
>
>
>
>
>
> On Sat, May 2, 2009 at 7:40 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com>
> wrote:
>
>> HI Guys,
>>
>> Been trying to get my head around configuring WEBVPN on the ASA
>> appliance.
>> From my gatherings, is it safe to conclude that you can configure
>> WEBVPN
>> (like other similar tunnel group configs) in at least 2 different
>> ways:
>>
>> 1. Modify the default ASA WEBVPN tunnel group to suit what you want.
>>
>> 2. Create a new tunnel group and make it of type, WebVPN.
>>
>> Are there any caveats of using either at all? I guess if its not
>> specified
>> anywhere in the Lab exam, one should just go with the easiest
>> option then
>> (which I still havent worked out yet), right?
>>
>> Thanks,
>> Sadiq
>>
>> --
>> CCIE #19963
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
 

>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
 

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat May 02 2009 - 19:31:38 ART