Lab Minutes Forum

Technical Discussion => Security => Topic started by: pemasiri on August 26, 2014, 03:25:12 AM

Title: AnyConnect VPN disable group-list globally
Post by: pemasiri on August 26, 2014, 03:25:12 AM
Hi,

We have configured mix of Anyconnect clientless (webvpn) and AnyConnect client (IPsec) VPN and we want disable group-list (or group alias) only for SSL clientless (webvpn) group but to keep for AnyConnect client vpn.

As you know group-list command is global for all the VPN groups when we disable it its removes for all the AnyConnect Client (IPSec) VPN users as well.

Appreciate if someone let me know is there any other way that we can disable group-list ONLY for webvpn(clientless) users but to keep it for AnyConnect Client vpn users..?

Thanks
Title: Re: AnyConnect VPN disable group-list globally
Post by: MC on August 26, 2014, 06:31:48 PM
Hmm.. I don't think it is possible. If I remember correctly, as soon as you enable group-list, all groups would show up even those without group-alias command. Any reason why you would not do user-to-group mapping using class OU, assuming you use RADIUS server, or even group-url?
Title: Re: AnyConnect VPN disable group-list globally
Post by: ModSheVit on October 09, 2014, 12:55:10 AM
This web explain everything. when I don't know. I will come to see your answer.
SimplePortal 2.3.7 © 2008-2024, SimplePortal