- Certificate mapping
- Group alias
- Group URL
- Cannot be done
The correct answers are 1 and 2.
Every VPN user needs to be associated with a connection profile in order for the ASA to determine which set of policies to apply to the connection. If certificate based authentication is in use, the a certificate to connection profile mapping can be used. Otherwise and alias can be displayed to the user at logon to allow for selection of the appropriate profile.