Tyson's mail would have answered your question.

Just wanted to comment on "group-alias".

When you use group-alias, the group-alias name is listed in the portal. You
select the alias and then authenticate.

But when you use group-url, you go directly into the connection profile. The
advantage is that nobody can see the group-alias names, which is safer than
exposing them.



With regards
Kings

On Sat, Oct 2, 2010 at 8:37 PM, Pipatpong Samranpit <
[email protected]> wrote:

>  Hi Kings,
>
> Big thanks for your suggestion. I may have specified the wrong URL in my question.
> It still needs the IP address or FQDN of the ASA in my URL.
> Three formats of group URL strings are supported according to the Cisco
> document:
>
> 1. https://asa.cisco.com/sslclient
> 2. https://sslclient.asa.cisco.com
> 3. https://171.69.37.70/sslclient
>
> I can configure all of them and am clear about options #1 and #3 but do not
> understand option #2, "https://sslclient.asa.cisco.com".
> Do I need to configure "group-alias sslclient" when I configure WebVPN
> using the CLI for group-url?
>
> tunnel-group SSLCLIENT webvpn-attributes
>  group-alias sslclient enable
>  group-url https://sslclient.asa.cisco.com enable
>
> Thanks and Regards,
> Pipatpong
>
> ------------------------------
> Date: Sat, 2 Oct 2010 20:07:50 +0530
> Subject: Re: [OSL | CCIE_Security] ASA and Group URL
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
>
> For a particular connection profile (tunnel-group), you can configure more
> than one group-url. When a WebVPN request comes to the ASA through the
> WebVPN-enabled interface and the URL matches any one of the configured group-urls
> in the tunnel-group, then that tunnel-group is used for the WebVPN.
>
> In the URL that you have given, they have specified group-url in the form
> of FQDN and IP address.
>
> It's not like there are only three formats. It can be one, two, three or more
> than that.
>
>
> From 8.0, you can no longer configure URL-list using the CLI. You can configure
> it using ASDM, which uses XML. ASDM is not in the scope of CCIE and you can
> ignore URL-lists.
>
> But you can still enter the URLs in the browser tab in the portal, and you
> also need to be aware of WebVPN URL filtering and port forwarding.
>
>
> With regards
> Kings
>
> On Sat, Oct 2, 2010 at 5:40 PM, Pipatpong Samranpit <
> [email protected]> wrote:
>
>  Hi all,
>
> I may have specified the wrong URL for my question, and I just know that three
> formats of group URL strings are supported, as at the following URL:
>
>
> http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a008094abcb.shtml
>
> Figure 3: Configure Group-URLs for the Connection Profile
>
> Note: In this example, the group-url is configured in three different
> formats. The user can enter any one of them in order to connect to the ASA
> through the sslclient connection profile.
>
> Could anyone help explain more about the three formats of group-url?
>
> Cheers,
> Pipatpong
>
> ------------------------------
> From: [email protected]
> To: [email protected]
> Date: Sat, 2 Oct 2010 02:45:10 -0800
> Subject: [OSL | CCIE_Security] ASA and Group URL
>
>
> Hi,
>
> I want to configure WebVPN on a Cisco ASA for two different groups of users:
>
> 1. Group "CustomerA", url = https://www.CustomerA.com, tunnel-group
> "CustomerA"
> 2. Group "CustomerB", url = https://www.CustomerB.com,  tunnel-group
> "CustomerB"
>
> How do I allow users to access the appropriate tunnel-group by the above URLs
> without specifying the IP address or FQDN of the ASA as part of the URL?
>
> Cheers,
> Pipatpong
>
> _______________________________________________ For more information
> regarding industry leading CCIE Lab training, please visit
> www.ipexpert.com