SSL VPN configuration on Cisco ASA with AnyConnect VPN client

SSL VPN configuration on Cisco ASA with AnyConnect VPN client


This post will describe how to setup a Cisco Adaptive Security Appliance (ASA) device to perform remote access SSL VPN with the stand-alone Cisco AnyConnect VPN client. I followed a few tutorials on the web (including a couple of examples from the Cisco website), but I failed to implement a complete solution. The following recipe has been thoroughly tested and verified.




Ingredients used for the recipe:
  • Cisco 5500 Series ASA that runs software version 8.0(2)
  • Cisco AnyConnect SSL VPN client version for Windows 2.3.0254

1. Copy AnyConnect package to the Cisco ASA device
ciscoasa# copy tftp flash
Address or name of remote host ? 192.168.100.30
Source filename ? anyconnect-win-2.3.0254-k9.pkg
Destination filename [anyconnect-win-2.3.0254-k9.pkg]?

2. Create an IP address pool
ciscoasa(config)# ip local pool VPNPOOL 192.168.20.1-192.168.20.100 mask 255.255.255.0

3. Enable and configure WebVPN
ciscoasa(config)# webvpn
ciscoasa(config-webvpn)# enable outside
ciscoasa(config-webvpn)# svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
ciscoasa(config-webvpn)# tunnel-group-list enable
ciscoasa(config-webvpn)# http redirect outside 80
ciscoasa(config-webvpn)# svc enable

4. Create access-list entries that allow traffic between the inside and remote users and also an entry for the split tunnel
ciscoasa(config)# access-list VPN-EXEMPT-NAT permit ip 192.168.100.0 255.255.255.0 192.168.20.0 255.255.255.0
ciscoasa(config)# access-list SPLIT-TUNNEL standard permit 192.168.100.0 255.255.255.0

5. Verify sysopt command is enabled
ciscoasa(config)# sysopt connection permit-vpn

6. Configure a group policy
ciscoasa(config)# group-policy CLIENTGROUP internal
ciscoasa(config)# group-policy CLIENTGROUP attributes
ciscoasa(config-group-policy)# dns-server value 192.168.100.10
ciscoasa(config-group-policy)# vpn-tunnel-protocol svc
ciscoasa(config-group-policy)# group-lock value SSLGROUP
ciscoasa(config-group-policy)# split-tunnel-policy tunnelspecified
ciscoasa(config-group-policy)# split-tunnel-network-list value SPLIT-TUNNEL
ciscoasa(config-group-policy)# webvpn
ciscoasa(config-group-webvpn)# svc keep-installer installed
ciscoasa(config-group-webvpn)# svc rekey time 30
ciscoasa(config-group-webvpn)# svc rekey method ssl
ciscoasa(config-group-webvpn)# svc ask none default svc

7. Create a new user account
ciscoasa(config)# username ssluser1 password ssluser1

8. Configure a tunnel group
ciscoasa(config)# tunnel-group SSLGROUP type remote-access
ciscoasa(config)# tunnel-group SSLGROUP general-attributes
ciscoasa(config-tunnel-general)# address-pool VPNPOOL
ciscoasa(config-tunnel-general)# default-group-policy CLIENTGROUP
ciscoasa(config-tunnel-general)# tunnel-group SSLGROUP webvpn-attributes
ciscoasa(config-tunnel-webvpn)# group-alias SSL-VPN enable

9. Configure PAT and enable NAT exemption for the VPN clients
ciscoasa(config)# global (outside) 1 interface
ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
ciscoasa(config)# nat (inside) 0 access-list VPN-EXEMPT-NAT

download file now

Comments

Post a Comment

Popular posts from this blog

Spider Man Friend Or Foe ISO Free Download PPSSPP Setting

Image
Spider Man Friend Or Foe ISO Free Download PPSSPP Setting Inspired by the Spider-Man film trilogy and the classic Spider-Man comics, Spider-Man: Friend or Foe challenges players to defeat and then join forces with notorious movie nemeses including Doc Ock, Green Goblin, Venom and Sandman, and embark on an epic quest to overcome a worldwide evil threat. Throughout the games original story and thrilling battles, fans control Spider-Man and one of numerous Super Hero or Super Villain sidekicks and master unique fighting moves and styles while switching between characters to execute team combos and defeat foes. � IGN Screen Shots File Name: Spider Man Friend Or Foe Publisher: Activision Developer: A2M (Artificial Mind and Movement) Genre: Action Image Format: ISO File Size: 552 MB Best PPSSPP Setting Of   Spider Man Friend Or Foe Gold Version.1.3.0.1 wait for 5 seconds & click the skip ad You may click the link below to download your file Download Inst...
Read more

Sorry Mutter closed unexpectedly on Ubuntu 10 10

Image
Sorry Mutter closed unexpectedly on Ubuntu 10 10 I am just exploring and understanding various features on Ubuntu 10.10 netbook. I install it on a usb stick and running from it. I am not sure what cause this problem. But I think after closing a window suddenly a message appear and says Sorry, Mutter closed unexpectedly This message box also include a request. It say If you were not doing anything confidential (entering passwords or other private information, you can help to improve the application by reporting the problem. Mutter is a window manager for ubuntu netbook edition. I am not sure why it happened. Is it a bug? download file now
Read more

Sony Xperia T2 Ultra dual

Image
Sony Xperia T2 Ultra dual Sony Xperia T2 Ultra dual in Share 1 Sony Xperia T2 Ultra dual smartphone with 6.00-inch 720x1280 display powered by 1.4GHz processor alongside 1GB RAM and 13-megapixel rear camera. Design Display Software Performance Battery life Camera Value for money Good Standalone camera button Great pricing Good design Bad Back attracts scratches Underperforming camera Low decibel levels Sony Xperia T2 Ultra dual detailed specifications General Alternate names D5306 Release date January 2014 Form factor Bar Dimensions (mm) 165.20 x 83.80 x 7.65 Weight (g) 172.00 Battery capacity (mAh) 3000 Removable battery No Colours Black, white, purple SAR value NA Display Screen size (inches) 6.00 Touchscreen Yes Touchscreen type Capacitive Resolution 720x1280 pixels Pixels per inch (PPI) 445 Hardware Processor 1.4GHz  quad-core RAM 1GB Internal storage 8GB Expandable storage Yes Expandable storage type microSD Expandable storag...
Read more