The group-policy is tied either to the user locally on the ASA or is determined via LDAP or RADIUS. The profiles are defined under the group-policy.
After re-reading your first email, we may be talking about two different things.. If you're talking about the group authentication name with the classic IPSec VPN client, you have the option of creating a tunnel-group-list and alias that allows for a drop down on the webvpn authentication page. You can also use a host header option (group-url) that Tyson brought up a couple of months back. If you're feeling fancy, you can enable both.
If you're trying to get things like start before logon working, then you'll need to create the profiles that I mentioned earlier.
Can you explain your scenario a bit better?
Thanks,
-ryan
-----Original Message-----
From: Edouard Zorrilla [mailto:ezorrilla_at_tsf.com.pe]
Sent: Thursday, January 20, 2011 6:50 PM
To: Ryan West; ccielab_at_groupstudy.com; security_at_groupstudy.com
Subject: Re: Anyconnect profiles
Thanks Ryan,
If I allow the user choose his profile, it would mean then that an user can choose a wrong profile and connect to the network. Is that all right ?. I will read all the document and hopefully I can find there where can I tie the user and its profile.
Regards !.,
-----Original Message-----
From: Ryan West
Sent: Thursday, January 20, 2011 2:44 PM
To: Edouard Zorrilla ; ccielab_at_groupstudy.com ; security_at_groupstudy.com
Subject: RE: Anyconnect profiles
Check here:
This mentions using it via ASDM, but you can download the profile editor standalone too. Then you create the xml profile, upload it to the ASA, and reference it under the webvpn global section. Then you can call to it from your group-policies.
-ryan
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Edouard Zorrilla
Sent: Thursday, January 20, 2011 5:38 PM
To: ccielab_at_groupstudy.com; security_at_groupstudy.com
Subject: Anyconnect profiles