1147 Views, 0 Helpful, 6 Replies

VPN SSL AnyConnect configuration

busy020111 (Level 1)

Hi,

I want to use AnyConnect to connect to my house from anywhere. I want to use SSL VPN because it uses port 443, and this port is practically never blocked.

I want to perform a full tunnel connection.

I tried different configs but I always get this message from the AnyConnect client:

"Could not connect to server. Please verify internet connectivity."

Port 443 is open on my line and I can ping my router from the internet.

This is the beginning of my configuration:

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname   ************
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 ***************
!
aaa new-model
!
!
aaa authentication login ssh enable local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-************
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-*********
revocation-check none
rsakeypair TP-self-signed-4253674758
!
!
crypto pki certificate chain TP-self-signed-**********
certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34323533 36373437 3538301E 170D3133 30343238 31353331
  33375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32353336
  37343735 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009E9F F733D657 F55F4A60 88578348 A6DAD8FF 4D3243C2 6C63D848 5CAA9455
  0B967B07 7B61AAF7 A40CF0C1 64C9081D 72E635C2 4606D6FF 94533576 BA247D3B
  7D23B696 503498BD 38C676A9 D2F0CB24 40829334 FE4938F6 470DD854 040269DB
  8C6198FB DEA89A8F B132C8C7 28BD9271 CD13C3B9 F5A7737B 87BC1510 93399928
  7BD90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 1484850D A30359CB F18BAEC2 23E239B3 CF711FC3 06301D06
  03551D0E 04160414 84850DA3 0359CBF1 8BAEC223 E239B3CF 711FC306 300D0609
  2A864886 F70D0101 05050003 8181006E FE76CDA2 8AEFD03D FB846D3D 6C55A5BA
  32BEADAD B53336C4 97570B17 A2B42B8E D4C01693 1A6964B4 4DDDF953 D234A388
  2454CE04 80C7CDDF 252D2312 D6C47AF4 A4A0BD9F 20CFB91D D27FCD0A 688A921D
  48301E77 07FFF2EA 7F0C1BFD E1B0D41B 1AC35EC0 5A3A6D32 1A76D617 202EFF2A
  3DA1EE23 0F5E8B72 4FFF32AD 224CF1
        quit
!
!
!
!


!
ip dhcp excluded-address 192.168.10.1 192.168.10.2
!
ip dhcp pool USER
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server $$$$$$$$$$$$
lease infinite
!
!
!
no ip domain lookup
ip domain name *********
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-M-K9 sn ***********
!
!
username ***** privilege 15 secret 4 ***************
!
!
!
!
!
controller VDSL 0
modem co5
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.10
description pppoe bridging from controller vdsl 0 to dialer 1
encapsulation dot1Q 10
ip nat outside
ip virtual-reassembly in
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
bandwidth inherit
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Dialer1
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation ppp
load-interval 30
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ************
ppp chap password 0 **************
ppp direction callout
ppp ipcp header-compression ack
ppp ipcp dns request accept
ppp ipcp address accept
no cdp enable
!
ip local pool ssl_vpn_client 192.168.10.100 192.168.10.110
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list 10 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
line con 0
exec-timeout 0 0

no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
transport input ssh
!
!
!
webvpn gateway Cisco-WebVPN-Gateway
ip interface Dialer1 port 443
ssl encryption rc4-md5
ssl trustpoint my-trustpoint
inservice
!

webvpn context context1
!
ssl authenticate verify all
inservice
!
policy group one
   filter tunnel 101
!
policy group ONE
   functions svc-enabled
   functions svc-required
   svc address-pool "ssl_vpn_client" netmask 255.255.255.0
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc homepage "www.google.com"
   svc rekey method new-tunnel
!
end

My goal is to use RDP or VNC through this VPN.

If anyone can think of a better solution, tell me.

Thanks

6 Replies

Jeff Van Houten (Level 5)

I'm pretty sure you need to enable both the http and the http secure servers.


Hi,

I have rebuilt my config and I'm able to connect to my SSL gateway, but when I click to start the tunnel connection in the right panel, I get this message:

https://*.*.*.*/CACHE/webvpn/stc/1/index.html

page not found

busy020111 (Level 1)

Can anyone help me?

What device are you using for your SSL AnyConnect termination?

Hi there,

Please follow this step-by-step guide.

Ref.: http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_ssl_vpn.html#wp1473502

Let me know if you have any questions.

HTH,

MS

busy020111 (Level 1)

Re,

I use a Cisco 887VA-M and clients on XP, 7 and an Android phone.

I have already followed multiple how-tos, but I always get different errors without any trace.

I'm a complete noob with VPNs; if someone could discuss my needs with me and provide a sample configuration based on my needs and my topology
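Pulling the thread together, here is an added sample configuration for the topology described above (887VA, PPPoE on Dialer1, LAN 192.168.10.0/24 on Vlan1). It is not the original poster's config and not taken from the linked guide. It keeps the names from the posted config and corrects the parts that would stop an AnyConnect full tunnel from coming up: the gateway points at a trustpoint ("my-trustpoint") that is never defined; the context has no default-group-policy, no gateway binding and no aaa authentication list, and two policy groups ("one" and "ONE") that differ only in case; the address pool sits inside the Vlan1 subnet; and no AnyConnect package is installed, which is what the /CACHE/webvpn/stc/1/index.html "page not found" in the second post points to, since that path is where the gateway serves the client package. The user name, the package file name, the 192.168.20.0/24 pool and the virtual-template approach to NAT for full-tunnel Internet access are my assumptions, not anything stated in the thread.

```cisco
! Added example: complete IOS SSL VPN (AnyConnect) configuration for the
! topology in this thread (887VA, PPPoE on Dialer1, LAN 192.168.10.0/24 on
! Vlan1). Not the original poster's config. The user name, the package file
! name, the pool subnet and the cipher choice are assumptions.
!
! --- Authentication: a named login list bound to the WebVPN context.
!     The posted config only has a list named "ssh"; WebVPN needs its own.
aaa new-model
aaa authentication login sslvpn local
!
! --- VPN user. No "privilege 15": a VPN account does not need exec rights.
username vpnuser secret REPLACE-WITH-A-STRONG-PASSWORD
!
! --- Certificate: reuse the self-signed trustpoint already on the router
!     (named after the rsakeypair line in the posted config). The original
!     gateway referenced "my-trustpoint", which is not defined anywhere.
crypto pki trustpoint TP-self-signed-4253674758
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4253674758
 revocation-check none
 rsakeypair TP-self-signed-4253674758
!
! --- AnyConnect package. The gateway serves it from /CACHE/webvpn/stc/...;
!     with no package installed that URL has nothing behind it.
!     File name is a placeholder; copy the real .pkg to flash first.
!     (On 12.4T images the equivalent command is "webvpn install svc ...".)
crypto vpn anyconnect flash:/anyconnect-win-k9.pkg sequence 1
!
! --- Client address pool on its own subnet, outside the Vlan1 range, so the
!     LAN and the pool do not overlap (the posted pool sat inside
!     192.168.10.0/24). NAT entry added so full-tunnel clients reach the
!     Internet through Dialer1; LAN access for RDP/VNC needs no NAT.
ip local pool ssl_vpn_client 192.168.20.1 192.168.20.10
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 permit 192.168.20.0 0.0.0.255
ip nat inside source list 10 interface Dialer1 overload
!
! --- Virtual template that full-tunnel sessions are cloned from, so the
!     decrypted client traffic is treated as "nat inside" like the LAN
!     (assumption: the image supports virtual-template under webvpn context).
interface Virtual-Template1
 ip unnumbered Vlan1
 ip nat inside
!
! --- HTTP/HTTPS server, as suggested in the first reply.
ip http server
ip http secure-server
!
! --- Gateway: AES/SHA1 instead of the original rc4-md5, and a trustpoint
!     that actually exists.
webvpn gateway Cisco-WebVPN-Gateway
 ip interface Dialer1 port 443
 ssl encryption aes-sha1
 ssl trustpoint TP-self-signed-4253674758
 inservice
!
! --- Context: one policy group (the original had "one" and "ONE"), made the
!     default, bound to the gateway and to the login list above. Full tunnel
!     as requested; "svc split include 192.168.10.0 255.255.255.0" instead
!     would tunnel only the LAN, which is all RDP/VNC needs.
webvpn context context1
 ssl authenticate verify all
 !
 policy group ONE
   functions svc-enabled
   functions svc-required
   svc address-pool "ssl_vpn_client" netmask 255.255.255.0
   svc keep-client-installed
   svc dpd-interval gateway 30
   svc rekey method new-tunnel
 default-group-policy ONE
 aaa authentication list sslvpn
 gateway Cisco-WebVPN-Gateway
 virtual-template 1
 inservice
!
! --- Checks after applying:
!   show webvpn gateway Cisco-WebVPN-Gateway   (Admin/Oper status: up)
!   show webvpn install status svc             (the package must be listed)
!   show webvpn session context all            (connected clients)
!   debug webvpn                               (while a client fails to connect)
```

Two security notes on the posted config that the sample changes: rc4-md5 was the only cipher suite offered, which is weak and which newer AnyConnect releases have dropped, so aes-sha1 is used instead; and a self-signed certificate means every client will see an untrusted-server warning, so export the router certificate and install it in the client trust store (or use a CA-issued certificate) rather than teaching users to click through. The "secret 4" hashes in the posted config are a separate issue: Cisco documented type 4 as weaker than the type 5 it replaced, so regenerate them with the strongest type the image supports. Finally, "ip http server" opens plain-HTTP management on every interface; keep "transport input ssh" on the vty lines and do not expose HTTP management on the Dialer1 side.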
