Hi all,
I need to configure ASA 5500 v8.0 SSL VPNs with the Cisco AnyConnect SSL VPN Client (AVC). Is there any process to quickly set up a user's remote access? Configuring remote access may be a confusing process. Please suggest some steps.
You need to configure an identity certificate. Here, I want to create a common identity certificate called sslvpnkey and apply the certificate to the "external" interface. Users can purchase a certificate from vendors. The steps are as follows:
Code:
corpasa(config)# crypto key generate rsa label sslvpnkey
corpasa(config)# crypto ca trustpoint localtrust
corpasa(config-ca-trustpoint)# enrollment self
corpasa(config-ca-trustpoint)# fqdn sslvpn.mycompany.com
corpasa(config-ca-trustpoint)# subject-name CN=sslvpn.mycompany.com
corpasa(config-ca-trustpoint)# keypair sslvpnkey
corpasa(config-ca-trustpoint)# crypto ca enroll localtrust noconfirm
corpasa(config)# ssl trust-point localtrust outside
You can get the client image from the Cisco website (cisco.com). When selecting which image to download to the TFTP server, remember that you need to download a separate image for each operating system your users run. Then select and download the client software.
To upload the files to the ASA, configure this file so that it can be used for WebVPN sessions. Note that if you have multiple clients, you should configure the most common client to have the highest priority. Check and reply.
Code:
corpasa(config)# copy tftp://192.168.81.50/anyconnect-Win-2.0.0343-k9.pkg flash
You need to enable the AnyConnect VPN.
After that, you need to create the group policy. A group policy is applied to the connection and is used to specify the parameters of the client. You need to create a group policy called SSLClient. Remote access clients need to be assigned an IP address during login. Therefore, we need to establish a DHCP address pool for these clients, but if you have a DHCP server, you can also use the DHCP server. All the best.
Code:
corpasa(config)# webvpn
corpasa(config-webvpn)# enable outside
corpasa(config-webvpn)# svc enable
By using the sysopt connection command, we tell the ASA to allow SSL/IPsec clients to bypass the interface access lists:
Create a connection profile and the tunnel group.
Code:
corpasa(config)# sysopt connection permit-vpn
When a remote access client connects to the ASA, it also connects to a connection profile, also known as a tunnel group. We will use this tunnel group to define the specific connection parameters it uses. You should configure the remote access client as the Cisco AnyConnect SSL client, but you can also configure the tunnel group to use IPsec, L2L, and so on.
First, create a tunnel group for the SSL client:
All the best.
Code:
corpasa(config)# tunnel-group SSLClient type remote-access
You need to configure NAT exemption. We need to tell the ASA not to apply network address translation (NAT) to the communication between the remote access clients and the internal network they access. First of all, we need to create an access list that defines this communication, and then we use this list in the NAT statement for the interface:
After that, you need to configure user accounts. All the best.
Code:
corpasa(config)# access-list no_nat extended permit ip 192.168.200.0 255.255.255.0 192.168.100.0 255.255.255.0
corpasa(config)# nat (inside) 0 access-list no_nat
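An added example, not part of the original posts: a small Python check that reads a saved ASA configuration and flags the review points these steps raise (a self-signed identity certificate, WebVPN enabled on an interface with no trustpoint bound to it, and sysopt connection permit-vpn letting VPN traffic bypass the interface access lists). The sample configuration is constructed from the commands in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample input: commands from this thread, laid out as they
# would appear in a saved configuration (prompts stripped).
SAMPLE_CONFIG = """\
crypto ca trustpoint localtrust
 enrollment self
 keypair sslvpnkey
ssl trust-point localtrust outside
webvpn
 enable outside
 svc enable
sysopt connection permit-vpn
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit(config):
    """Return review findings (strings) for the SSL VPN settings in the thread."""
    blocks, findings = parse_blocks(config), []
    trustpoints = {c.split()[-1]: subs for c, subs in blocks.items()
                   if c.startswith("crypto ca trustpoint ")}
    bound = {m.group(2): m.group(1) for c in blocks  # interface -> trustpoint
             if (m := re.fullmatch(r"ssl trust-point (\S+) (\S+)", c))}
    for iface, name in bound.items():
        if name not in trustpoints:
            findings.append(f"{iface}: trustpoint {name} is not defined")
        elif "enrollment self" in trustpoints[name]:
            findings.append(f"{iface}: {name} is self-signed")
    for sub in blocks.get("webvpn", []):
        m = re.fullmatch(r"enable (\S+)", sub)
        if m and m.group(1) not in bound:
            findings.append(f"{m.group(1)}: webvpn enabled without ssl trust-point")
    if "sysopt connection permit-vpn" in blocks:
        findings.append("permit-vpn: VPN traffic bypasses interface access lists")
    return findings
```

Calling `audit()` on the text of a saved configuration returns one line per finding; an empty list means none of these three conditions were seen.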