Re: Anyconnect profiles

Thanks Ryan,

I will look into the archives the (group-url) that Tysin brought up a couple
of months back as well.

Regards!

-----Original Message-----
From: Ryan West
Sent: Thursday, January 20, 2011 4:01 PM
To: Edouard Zorrilla ; ccielab_at_groupstudy.com ; security_at_groupstudy.com
Subject: RE: Anyconnect profiles

The group-policy is tied either to the user locally on the ASA or is
determined via LDAP or RADIUS. The profiles are defined under the
group-policy.

After re-reading your first email, we may be talking about two different
things.. If you're talking about the group authentication name with the
classic IPSec VPN client, you have the option of creating a
tunnel-group-list and alias that allows for a drop down on the webvpn
authentication page. You can also use a host header option (group-url) that
Tyson brought up a couple of months back. If you're feeling fancy, you can
enable both.

If you're trying to get things like start before logon working, then you'll
need to create the profiles that I mentioned earlier.

Can you explain your scenario a bit better?

Thanks,

-ryan

-----Original Message-----
From: Edouard Zorrilla [mailto:ezorrilla_at_tsf.com.pe]
Sent: Thursday, January 20, 2011 6:50 PM
To: Ryan West; ccielab_at_groupstudy.com; security_at_groupstudy.com
Subject: Re: Anyconnect profiles

Thanks Ryan,

If I allow the user choose his profile, it would mean then that an user can
choose a wrong profile and connect to the network. Is that all right ?. I
will read all the document and hopefully I can find there where can I tie
the user and its profile.

Regards !.,

-----Original Message-----
From: Ryan West
Sent: Thursday, January 20, 2011 2:44 PM
To: Edouard Zorrilla ; ccielab_at_groupstudy.com ; security_at_groupstudy.com
Subject: RE: Anyconnect profiles

Check here:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1228114

This mentions using it via ASDM, but you can download the profile editor
standalone too. Then you create the xml profile, upload it to the ASA, and
reference it under the webvpn global section. Then you can call to it from
your group-policies.

-ryan

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Edouard Zorrilla
Sent: Thursday, January 20, 2011 5:38 PM
To: ccielab_at_groupstudy.com; security_at_groupstudy.com
Subject: Anyconnect profiles

I have been going through the AnyConnect profiles and I havenbt seen so far
how AnyConnect version 2.5 or version 3 can manage profile.

When I used to have remote IPSec VPN, I created the profiles under
group-policy and tunnel-group options, but it seems to me that AnyConnect
does not support these options anymore. Could you please confirm that ?.

Thanks a lot.,

Regards.

Blogs and organic groups at http://www.ccie.net
Received on Wed Jan 26 2011 - 09:18:21 ART