RE: ASA and Group URL

There is no difference between the first and the third. Just the difference
of using hostname versus IP.

But beyond that the three types of URL's shown accomplish the same task.
All that matters is that the URI is unique for each group.

when the ASA receives the incoming HTTP connect request it will look at the
URI field of the HTTP header and associate the request with the appropriate
group, so it doesn't matter if you use https://asa.cisco.com/sslclient or
https://sslclient.asa.cisco.com. It just matters that whatever you use is
consistent for your own sanity.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Pipatpong Samranpit
Sent: Saturday, October 02, 2010 10:51 AM
To: Ryan West
Cc: ccielab_at_groupstudy.com
Subject: Re: ASA and Group URL

Hi,

I just forgot the ":" after htttps.

1. https://asa.cisco.com/sslclient

2. https://sslclient.asa.cisco.com

3. https://171.69.37.70/sslclient

Thanks and Regads,

Pipatpong

On Sat, Oct 2, 2010 at 9:49 PM, Pipatpong Samranpit <
pipatpong.s_at_tangerine.co.th> wrote:

> Hi Ryan,
>
> Yes, you're right. I can configure the way you suggest. But I want to use
> group-url instead of tunnel-group-list and group-alias because of the
advantage
> of using group-url over group-alias (group drop-down) is that you do not
> expose the group names as the latter method does.
>
> I found Cisco document state that there are three formats of group URL
> strings are supported such as;
>
>
>
> 1. https://asa.cisco.com/sslclient
>
> 2. https//sslclient.asa.cisco.com
>
> 3. https//171.69.37.70/sslclient
>
>
> I'm not clear about the format "https//sslclient.asa.cisco.com" and want
> more detail.
>
>
> Thanks and Regads,
>
> Pipatpong
>
>
>
>
> On Sat, Oct 2, 2010 at 9:24 PM, Ryan West <rwest_at_zyedge.com> wrote:
>
>> I've not tried the method you have listed below. You can enable
>> tunnel-group-list under webvpn and then set tunnel-group aliases for each
>> customer. When users log in, there will be a drop down to put them into
the
>> correct authentication scheme and then proper group policy.
>>
>> -ryan
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>> Pipatpong Samranpit
>> Sent: Saturday, October 02, 2010 8:08 AM
>> To: ccielab_at_groupstudy.com
>> Subject: Re: ASA and Group URL
>>
>> Hi all,
>>
>> I may specify wrong url for my question and I just know that three
formats
>> of group URL strings are supported as the following url:
>>
>>
>>
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a008094abc
b.shtml
>>
>> Figure 3: Configure Group-URLs for the Connection Profile
>>
>> Note: In this example, the group-url is configured in three different
>> formats. The user can enter any one of them in order to connect to the
ASA
>> through the sslclient connection profile.
>>
>> Could anyone help me to give more explain about three formats of
>> group-url?
>>
>> Cheers,
>> Pipatpong
>>
>>
>> On Sat, Oct 2, 2010 at 5:47 PM, Pipatpong Samranpit <
>> pipatpong.s_at_tangerine.co.th> wrote:
>>
>> > Hi,
>> >
>> > I want to configure WEBVPN on Cisco ASA for two different groups of
>> > user
>> >
>> > 1. Group "CustomerA", url = https://www.CustomerA.com, tunnel-group
>> > "CustomerA"
>> > 2. Group "CustomerB", url = https://www.CustomerB.com, tunnel-group
>> > "CustomerB"
>> >
>> > How do I allow user to access the appropriate tunnel-group by the
>> > above URL without to specify the IP address or FQDN of the ASA as part
>> > of the URL?
>> >
>> > Cheers,
>> > Pipatpong
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Oct 02 2010 - 11:28:55 ART