Connect to CISCO Anyconnect SSL VPN

[Christina 80]

Sponsored Links

Hi all,

I need to Configure ASA 5500 v8.0 SSL VPNs with Cisco AnyConnect SSL VPN Client (AVC).Is any procees to quickly set up a user's remote access it? Configure remote access mayBeA confusing process. However, Please suggest some steps.

[Steve123]

You need to configure an identity certificate. Here, I want to create a common identity called sslvpnkey certificate and the certificateApplicationTo "external" interface. Users can purchase a certificate vendors. The following Steps:

Code:

corpasa (config) # crypto key generate rsa label sslvpnkey
corpasa (config) # crypto ca trustpoint localtrust
corpasa (config-ca-trustpoint) # enrollment self
corpasa (config-ca-trustpoint) # fqdn sslvpn. mycompany.com
corpasa (config-ca-trustpoint) # subject-name CN = sslvpn.mycompany.com
corpasa (config-ca-trustpoint) # keypair sslvpnkey
corpasa (config-ca-trustpoint) # crypto ca enroll localtrust noconfirm
corpasa (config) # ssl trust-point localtrust outside

[Shen]

You can use Cisco Website (cisco.com) get the client image. In select Download Which image to the TFTP Server, Remember that you need to use for the users of each operation System Download Separate image. In the selection and Download Client Software.

Code:

corpasa (config) # copy tftp://192.168.81.50/anyconnect-Win-2.0.0343-k9.pkg flash

In to upload files to ASA, the configuration about this file, it can be used as Web VPNSession. Note that if you have multiple clients, you should configure the most common customer, to have the highest priority. Check and reply.

[Big Fish]

You need to enable any connect VPN

Code:

corpasa (config) # webvpn
corpasa (config-webvpn) # enable outside
corpasa (config-webvpn) # svc enable

after that you need to create the Group Policy: Group Policy applied to the connection used to specify the parameters of the client. you need to create a group called SSLClient strategy. Remote access clients need to assign an IP during loginAddressTherefore, we need for these clients to establish a DHCP address pool, but if you have a DHCP Server. You can also use DHCP server. All the best.

[Zachary]

By using the sysopt connect Command. We tell the ASA to allow SSL / IPsec client to bypass interface access list:

Code:

corpasa (config) # sysopt connection permit-vpn

Create a connection profile and the tunnel group
In the remote access client connects to the ASA, the also connected to a connection profile to connect configuration file, also known as the tunnel group. We will use this tunnel group to define its use of a specific connection parameters. You should configure the remote access client Cisco AnyConnect SSL client, but you can also configure the tunnel group to use IPsec, L2L so.
First, create a tunnel group SSL client:

Code:

corpasa (config) # tunnel-group SSLClient type remote-access

All the best.

[Snake08]

You need to configure NAT relieve.I do not need to tell the ASA on the remote access client and to access internal Network Communication between the network address translation (NAT). First of all, we need to create a defined list of communication access, and then we used this list NAT interface statement:

Code:

corpasa (config) # access-list no_nat extended permit
ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
corpasa (config) # nat (inside) 0 access-list no_nat

After that you need to configure User Account. All the best.