Re: ASA and Group URL

Hi Ryan,

Yes, you're right. I can configure the way you suggest. But I want to use
group-url instead of tunnel-group-list and group-alias because of the advantage
of using group-url over group-alias (group drop-down) is that you do not
expose the group names as the latter method does.

I found Cisco document state that there are three formats of group URL
strings are supported such as;

1. https://asa.cisco.com/sslclient

2. https//sslclient.asa.cisco.com

3. https//171.69.37.70/sslclient

I'm not clear about the format "https//sslclient.asa.cisco.com" and want
more detail.

Thanks and Regads,

Pipatpong

On Sat, Oct 2, 2010 at 9:24 PM, Ryan West <rwest_at_zyedge.com> wrote:

> I've not tried the method you have listed below. You can enable
> tunnel-group-list under webvpn and then set tunnel-group aliases for each
> customer. When users log in, there will be a drop down to put them into the
> correct authentication scheme and then proper group policy.
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Pipatpong Samranpit
> Sent: Saturday, October 02, 2010 8:08 AM
> To: ccielab_at_groupstudy.com
> Subject: Re: ASA and Group URL
>
> Hi all,
>
> I may specify wrong url for my question and I just know that three formats
> of group URL strings are supported as the following url:
>
>
> http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a008094abcb.shtml
>
> Figure 3: Configure Group-URLs for the Connection Profile
>
> Note: In this example, the group-url is configured in three different
> formats. The user can enter any one of them in order to connect to the ASA
> through the sslclient connection profile.
>
> Could anyone help me to give more explain about three formats of group-url?
>
> Cheers,
> Pipatpong
>
>
> On Sat, Oct 2, 2010 at 5:47 PM, Pipatpong Samranpit <
> pipatpong.s_at_tangerine.co.th> wrote:
>
> > Hi,
> >
> > I want to configure WEBVPN on Cisco ASA for two different groups of
> > user
> >
> > 1. Group "CustomerA", url = https://www.CustomerA.com, tunnel-group
> > "CustomerA"
> > 2. Group "CustomerB", url = https://www.CustomerB.com, tunnel-group
> > "CustomerB"
> >
> > How do I allow user to access the appropriate tunnel-group by the
> > above URL without to specify the IP address or FQDN of the ASA as part
> > of the URL?
> >
> > Cheers,
> > Pipatpong
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Oct 02 2010 - 21:49:21 ART