SSL VPN website different when accessed via FQDN.

[NDClutch]

We have our ASA using the Anyconnect VPN and it seems to be working fine. If you navigate to the IP address of our ASA's Outside interface, we get the correct login screen. It asks for the Username, Password and to choose a Group. I have it setup to use our Radius server for authentication. I can type in my Active Directory credentials and it logs me in and checks for the Anyconnect client on my PC.

We moved forward with registering a FQDN for this EXACT same IP address, but when we try and user this FQDN, the ASA brings up a different webpage. This webpage only has a Username and Password field. There is no option to select a VPN Group. If I try and use my AD credentials, it fails authentication.

I confirmed that the FQDN is using the correct IP by pinging it.

Has anyone seen this before?

 

[unclerico]

it sounds like you're hitting the default group for some reason

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[NDClutch]

Actually I found the problem. A colleague of mine attempted the WebVPN setup several months ago. We had several internal websites that offsite users needed to get to. He thought that when he created the Clientless SSL VPN Connection Profile for these users, he was supposed to enter in our VPN FQDN for this site in the "Group URLs" portion of the profile. I stummpled across this and though..."That shouldn't be listed there.", so I removed it. Once I did that, I was able to navigate to the same VPN page, regardless if I used the IP or FQDN.

Weird that the ASA would redirect it's outside interface to that page just because it was located in a Connection Profile.

Thanks for the response back.