Hi Kings, Thanks you for more explain. Thanks and Regards,Pipatpong Date: Sat, 2 Oct 2010 21:25:41 +0530 Subject: Re: [OSL | CCIE_Security] ASA and Group URL From: [email protected] To: [email protected] CC: [email protected]
Tyson's mail would have answered your question. Just wasted to comment on "group-alias". When you use group-alias, the group-alias name is listed in the portal. You select the alias and then authenticate. But when you use group-url, you directly go into connection profile. The advantage is that nobody can see the group-alias names which is safe than exposing them. With regards Kings On Sat, Oct 2, 2010 at 8:37 PM, Pipatpong Samranpit <[email protected]> wrote: Hi Kings, Big thanks for you suggestion. I may specify for wrong URL in my question. It still need IP address or FQDN of the ASA in my URL.There are three formats of group URL strings are supported from Cisco document: 1. https://asa.cisco.com/sslclient2. https://sslclient.asa.cisco.com 3. https://171.69.37.70/sslclient I can configure all of them and clear about the option #1 and #3 but do not understand the option #2 "https://sslclient.asa.cisco.com";. Do I need to configure "group-alias sslclient" when I configure WebVPN using the CLI for group-url? tunnel-group SSLCLIENT webvpn-attributes group-alias sslclient enable group-url https://sslclient.asa.cisco.com enable Thanks and Regards,Pipatpong Date: Sat, 2 Oct 2010 20:07:50 +0530 Subject: Re: [OSL | CCIE_Security] ASA and Group URL From: [email protected] To: [email protected] CC: [email protected] For a particular connection profile (tunnel-group), you can configure more than one group-url. When the WebVPN requests comes to ASA through the WebVPN enabled interface and if the URL matches anyone of the configured group-url in the tunnel-group, then that tunnel group is used for the WebVPN. In the URL that you have given, they have specified group-url in the form of FQDN and IP address. It's not like there is only three format. It can one, two, three or more than that. >From 8.0, you can configure URL-list no more using CLI. You can configure it >using ASDM which uses xmls. ASDM is not the scope of CCIE and you can ignore URL-lists. But still you can enter the URLs in the browser tab in the portal and also you need to e aware of WebVPN filter of URLs and port forward. With regards Kings On Sat, Oct 2, 2010 at 5:40 PM, Pipatpong Samranpit <[email protected]> wrote: Hi all, I may specify wrong url for my question and I just know that three formats of group URL stringsare supported as the following url: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a008094abcb.shtml Figure 3: Configure Group-URLs for the Connection Profile Note: In this example, the group-url is configured in three different formats. The user can enter any one of them in order to connect to the ASA through the sslclient connection profile. Could anyone help me to give more explain about three formats of group-url? Cheers,Pipatpong From: [email protected] To: [email protected] Date: Sat, 2 Oct 2010 02:45:10 -0800 Subject: [OSL | CCIE_Security] ASA and Group URL Hi, I want to configure WEBVPN on Cisco ASA for two different groups of user 1. Group "CustomerA", url = https://www.CustomerA.com, tunnel-group "CustomerA" 2. Group "CustomerB", url = https://www.CustomerB.com, tunnel-group "CustomerB" How do I allow user to access the appropriate tunnel-group by the above URL without to specify the IP address or FQDN of the ASA as part of the URL? Cheers, Pipatpong _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
