Tuesday, December 18, 2012

Configuring AnyConnect SSL VPN in ASA for 8.4 IOS, Example

ciscoasa# show run
: Saved
:
ASA Version 8.4(2)
!
hostname ciscoasa
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
Assigning IP address to interfaces
interface GigabitEthernet0
 nameif outside
 security-level 0
 ip address 10.10.1.1 255.255.255.0
no shut
!
interface GigabitEthernet1
 nameif inside
 security-level 100
 ip address 192.168.200.1 255.255.255.0
no shut
!
ftp mode passive

Copying the AnyConnect client package to flash (the TFTP server is on the inside LAN)
copy tftp://192.168.200.10/anyconnect-win-2.4.1012-k9.pkg flash:

Configuring network objects (used below for the NAT exemption)
object network INSIDE-HOSTS
 subnet 192.168.200.0 255.255.255.0
object network VPN-HOSTS
 subnet 192.168.100.0 255.255.255.0
Configuring the split tunnel list: only traffic to 192.168.200.0/24 goes through the tunnel, everything else leaves the client directly (the access-list name keeps the author's spelling)
access-list sales-spilt-tunnel standard permit 192.168.200.0 255.255.255.0
Configuring the per-user filter access-list (applied as a vpn-filter below: source is the VPN client's address, destination is the inside host; anything not permitted is dropped by the implicit deny, so the explicit deny line only documents the intent)
access-list limited extended permit tcp host 192.168.100.10 host 192.168.200.5 eq telnet
access-list limited extended deny ip host 192.168.100.10 192.168.200.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
Local address pool for VPN clients (handed out by the ASA, not by DHCP)
ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-641.bin
no asdm history enable
arp timeout 14400

Configure NAT exemption for traffic between internal LAN and remote users
nat (inside,outside) source static INSIDE-HOSTS INSIDE-HOSTS destination static VPN-HOSTS VPN-HOSTS
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
Enabling HTTP access for ASDM from a single inside management host
http server enable
http 192.168.200.10 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept

Enabling AnyConnect access

webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 anyconnect enable

 tunnel-group-list enable
Create a new Group Policy by name SSLCLientPolicy

group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
 dns-server value 192.168.200.100
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sales-spilt-tunnel
 address-pools value SSLClientPool

Creating a username for ASDM access (show run displays the keyword encrypted because the stored password is a hash; when typing the command, enter the plaintext password without encrypted, otherwise the literal text is stored as the hash and the login fails)

username test password test privilege 15

Creating users for AnyConnect VPN: userA gets a fixed address and the vpn-filter ACL, userB has no filter and takes any address from the pool
username userA password test
username userA attributes
 vpn-filter value limited
 vpn-framed-ip-address 192.168.100.10 255.255.255.0
 service-type remote-access

username userB password test
username userB attributes
 service-type remote-access

Create a Connection Profile and Tunnel Group for the AnyConnect Client Connections by name SSLClientProfile

tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
 default-group-policy SSLCLientPolicy
tunnel-group SSLClientProfile webvpn-attributes
 group-alias SSLVPNClient enable
!
!
: end
ciscoasa#


Open a web browser and go to the ASA outside IP address: https://10.10.1.1
Enter the username and password; the portal installs the AnyConnect client (you must have administrator permission on the PC you are using) and you are then able to access LAN resources.
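As an added example that is not part of the original post or of Cisco's tooling, the Python script below parses the configuration above (reconstructed inline from the page's commands) and checks the relationships that most often break or silently widen AnyConnect access: the split-tunnel list and pool named by the group policy exist, each remote-access user's vpn-filter names a real access-list, and the framed addresses and pool range are covered by the identity NAT exemption. The parser, function names and finding strings are this example's own assumptions, not ASA APIs.

```python
"""Audit of the security-relevant relationships in an ASA 8.4 AnyConnect config.

Example code added to the post; the config text is reconstructed from the
page's show run output and all helper names are this example's own.
"""
import ipaddress
import re

# Constructed from the page's show run: only the lines the checks need.
SAMPLE_CONFIG = """\
object network INSIDE-HOSTS
 subnet 192.168.200.0 255.255.255.0
object network VPN-HOSTS
 subnet 192.168.100.0 255.255.255.0
access-list sales-spilt-tunnel standard permit 192.168.200.0 255.255.255.0
access-list limited extended permit tcp host 192.168.100.10 host 192.168.200.5 eq telnet
access-list limited extended deny ip host 192.168.100.10 192.168.200.0 255.255.255.0
ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
nat (inside,outside) source static INSIDE-HOSTS INSIDE-HOSTS destination static VPN-HOSTS VPN-HOSTS
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value sales-spilt-tunnel
 address-pools value SSLClientPool
username userA password test
username userA attributes
 vpn-filter value limited
 vpn-framed-ip-address 192.168.100.10 255.255.255.0
 service-type remote-access
username userB password test
username userB attributes
 service-type remote-access
"""


def parse_blocks(text):
    """Split ASA config text into (header, [indented sub-commands]) blocks."""
    blocks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks


def attribute_blocks(blocks, kind):
    """Collect '<kind> NAME attributes' blocks as {NAME: {attribute: value}}."""
    out = {}
    for header, kids in blocks:
        m = re.match(rf"{kind} (\S+) attributes$", header)
        if m:
            attrs = {}
            for k in kids:
                key, _, val = k.partition(" ")
                # 'vpn-filter value limited' -> 'limited'; 'service-type remote-access' unchanged
                attrs[key] = val.replace("value ", "", 1)
            out[m.group(1)] = attrs
    return out


def audit(text):
    """Return a list of human-readable findings for the config text."""
    blocks = parse_blocks(text)
    acls = {h.split()[1] for h, _ in blocks if h.startswith("access-list ")}
    objects, pools, exempt_names = {}, {}, []
    for h, kids in blocks:
        if (m := re.match(r"object network (\S+)", h)):
            for k in kids:
                if (s := re.match(r"subnet (\S+) (\S+)", k)):
                    objects[m.group(1)] = ipaddress.ip_network(f"{s.group(1)}/{s.group(2)}")
        elif (m := re.match(r"ip local pool (\S+) (\S+)-(\S+) mask", h)):
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)), ipaddress.ip_address(m.group(3)))
        elif h.startswith("nat (") and (m := re.search(r"source static (\S+) \1 destination static (\S+) \2", h)):
            # identity NAT on both sides: the destination object is the VPN client range
            exempt_names.append(m.group(2))
    exempt_nets = [objects[n] for n in exempt_names if n in objects]

    def covered(addr):
        return any(addr in net for net in exempt_nets)

    findings = []
    for name, gp in attribute_blocks(blocks, "group-policy").items():
        lst = gp.get("split-tunnel-network-list")
        if gp.get("split-tunnel-policy") == "tunnelspecified" and lst not in acls:
            findings.append(f"{name}: split-tunnel list {lst!r} is not a defined access-list")
        pool = gp.get("address-pools")
        if pool and pool not in pools:
            findings.append(f"{name}: address pool {pool!r} is not defined")
    for name, u in attribute_blocks(blocks, "username").items():
        if u.get("service-type") != "remote-access":
            continue
        flt = u.get("vpn-filter")
        if flt is None:
            findings.append(f"{name}: no vpn-filter, inherits the full reach of the group policy")
        elif flt not in acls:
            findings.append(f"{name}: vpn-filter {flt!r} is not a defined access-list")
        if "vpn-framed-ip-address" in u:
            addr = ipaddress.ip_address(u["vpn-framed-ip-address"].split()[0])
            if not covered(addr):
                findings.append(f"{name}: framed address {addr} is not covered by an identity NAT exemption")
    for name, (lo, hi) in pools.items():
        if not (covered(lo) and covered(hi)):
            findings.append(f"pool {name}: client range {lo}-{hi} is not covered by an identity NAT exemption")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the page's config the only finding is that userB has no vpn-filter, which is exactly what the post intends (userB reaches everything the split-tunnel list allows); dropping the nat line or misspelling the ACL name in vpn-filter produces the corresponding findings. The same block-based parse works on a full show run, since the checks ignore headers they do not recognise.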

9 comments:

  1. Thanks for configuration.
    Cool blog.
    top10-bestvpn.com

  2. Thank you. Good configuration for AnyConnect on Cisco ASA.
    Connection works well. Great post.

    http://10webhostingservice.com/

  3. One cannot explain this topic better than this and I am very happy that you took time to share it here. Well, I need suggestions on using free but reliable vpn for android. So, I was wondering if you can suggest me some VPN’s with their reviews!

  4. Just admiring your work and wondering how you managed this blog so well. It’s so remarkable that I can't afford to not go through this valuable information whenever I surf the internet!  lesmeilleursvpn

  5. The most effective means bring in some form of e-book and enjoy this almost from anywhere is during the entire fascinating process involving mp 3 mp3 audio books. The true sound e-book outlets that always one thinks of as rapidly as. was ist vpn

  6. I admit, I have not been on this web page in a long time... however it was another joy to see It is such an important topic and ignored by so many, even professionals. I thank you to help making people more aware of possible issues https://vpnveteran.com/

  7. You guys are writing some Amazing tips. Thanks for sharing this. Totally Awesome Post Please Keep Posting Regularly.
    echobeat earbuds review, chargeboost reviews, liporing review , doc socks, livewave antenna review

  8. Nice post, thank for sharing this information. It's really makes me understand about that topic. OxyBreath Pro™️ Reviews
