Configuration of Basic AnyConnect SSL VPN on Cisco ASA

Cisco AnyConnect SSL VPN from Cisco Systems is a virtual private network (VPN) client. It enables secure remote access to an organization's internal network and resources.

To establish a secure, encrypted connection between the client device and the VPN server, the AnyConnect SSL VPN client employs the Secure Sockets Layer (SSL) protocol.

This enables users to safely access internal network resources, such as email, file servers, and other applications, from remote locations over the internet.

The AnyConnect SSL VPN client is available for a number of operating systems, including Windows, Mac OS X, and Linux, and it may be used in conjunction with Cisco routers or other VPN servers to provide remote access VPN services to businesses of all sizes.

Let's configure AnyConnect SSL VPN on a Cisco ASA firewall:

TSD_ASA# configure terminal
TSD_ASA(config)# webvpn
TSD_ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-3.1.04072-k9.pkg 1
TSD_ASA(config-webvpn)# enable outside
TSD_ASA(config-webvpn)# anyconnect enable
TSD_ASA(config-webvpn)# exit
TSD_ASA(config)# sysopt connection permit-vpn
TSD_ASA(config)# http redirect outside 80
TSD_ASA(config)# ip local pool pool_vpn 10.10.5.1-10.10.5.20 mask 255.255.255.0
TSD_ASA(config)# object network obj-local
TSD_ASA(config-network-object)# subnet 10.10.1.0 255.255.255.0
TSD_ASA(config-network-object)# exit

Network Object
TSD_ASA(config)# object network obj-vpnpool
TSD_ASA(config-network-object)# subnet 10.10.5.0 255.255.255.0
TSD_ASA(config-network-object)# exit
TSD_ASA(config)# nat (inside,outside) source static obj-local obj-local destination static obj-vpnpool obj-vpnpool no-proxy-arp route-lookup
TSD_ASA(config)# object network PATconfig
TSD_ASA(config-network-object)# subnet 10.10.1.0 255.255.255.0
TSD_ASA(config-network-object)# exit

PAT configs
TSD_ASA(config)# nat (inside,outside) source dynamic PATconfig interface
TSD_ASA(config)# access-list split-tunnel standard permit 10.10.1.0 255.255.255.0
TSD_ASA(config)# group-policy Anyconnect-Policy internal
TSD_ASA(config)# group-policy Anyconnect-Policy attributes
TSD_ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless
TSD_ASA(config-group-policy)# split-tunnel-policy tunnelspecified
TSD_ASA(config-group-policy)# split-tunnel-network-list value split-tunnel
TSD_ASA(config-group-policy)# dns-server value 10.10.1.15
TSD_ASA(config-group-policy)# webvpn
TSD_ASA(config-group-webvpn)# anyconnect keep-installer installed
TSD_ASA(config-group-webvpn)# anyconnect ask none default anyconnect
TSD_ASA(config-group-webvpn)# anyconnect dpd-interval client 20
TSD_ASA(config-group-webvpn)# exit
TSD_ASA(config-group-policy)# exit

TSD_ASA(config)# tunnel-group TDusers type remote-access
TSD_ASA(config)# tunnel-group TDusers general-attributes
TSD_ASA(config-tunnel-general)# default-group-policy Anyconnect-Policy
TSD_ASA(config-tunnel-general)# address-pool pool_vpn
TSD_ASA(config-tunnel-general)# exit
TSD_ASA(config)# tunnel-group TDusers webvpn-attributes
TSD_ASA(config-tunnel-webvpn)# group-alias sslgroup_users enable
TSD_ASA(config-tunnel-webvpn)# exit
TSD_ASA(config)# webvpn
TSD_ASA(config-webvpn)# tunnel-group-list enable
TSD_ASA(config-webvpn)# exit
TSD_ASA(config)# username ssluser1 password secretpass
TSD_ASA(config)# username ssluser1 attributes
TSD_ASA(config-username)# service-type remote-access
TSD_ASA(config-username)# exit
TSD_ASA(config)# wr mem
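
The session above enables sysopt connection permit-vpn, which lets decrypted VPN traffic bypass interface access lists, turns on ssl-clientless alongside the AnyConnect client, and authenticates with a local static password. The following is an added example, not part of the original walkthrough: a small Python audit that parses a pasted ASA session and flags those three settings. The finding tag names and the VPN-FILTER ACL name used when testing it are this example's own.

```python
import re

# Constructed sample: a subset of this page's session lines, prompts included.
SESSION = """\
TSD_ASA(config)# sysopt connection permit-vpn
TSD_ASA(config)# group-policy Anyconnect-Policy attributes
TSD_ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless
TSD_ASA(config-group-policy)# split-tunnel-policy tunnelspecified
TSD_ASA(config-group-policy)# webvpn
TSD_ASA(config-group-webvpn)# anyconnect dpd-interval client 20
TSD_ASA(config-group-webvpn)# exit
TSD_ASA(config-group-policy)# exit
TSD_ASA(config)# username ssluser1 password secretpass
"""

PROMPT = re.compile(r"^\S+?\((config[^)]*)\)#\s*(.*)$")

def parse(session):
    """Yield (mode, words) per command, e.g. ('config-group-policy', ['vpn-filter', ...])."""
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(2).strip():
            yield m.group(1), m.group(2).split()

def audit(session):
    """Return sorted finding tags (names are this example's own) for a pasted session."""
    # Assumption: permit-vpn is on by default on the ASA, so treat it as enabled
    # unless the session explicitly negates it.
    findings, policies, current, permit_vpn = [], {}, None, True
    for mode, w in parse(session):
        if mode == "config":
            current = None
            if w[-3:] == ["sysopt", "connection", "permit-vpn"]:
                permit_vpn = w[0] != "no"
            elif w[0] == "group-policy" and w[-1] == "attributes" and len(w) == 3:
                current = w[1]
                policies.setdefault(current, [])
            elif w[0] == "username" and "password" in w[2:]:
                findings.append(f"local-static-password:{w[1]}")
        elif mode == "config-group-policy" and current:
            policies[current].append(w)
    for name, cmds in policies.items():
        if any(c[0] == "vpn-tunnel-protocol" and "ssl-clientless" in c for c in cmds):
            findings.append(f"clientless-portal-enabled:{name}")
        # With permit-vpn on, a group-policy vpn-filter ACL is what still restricts users.
        if permit_vpn and not any(c[:2] == ["vpn-filter", "value"] for c in cmds):
            findings.append(f"no-vpn-filter:{name}")
    return sorted(findings)
```

Dropping ssl-clientless from vpn-tunnel-protocol and adding a vpn-filter value line under the group policy clears the two policy findings; the local account is still reported until authentication moves to an AAA server.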