Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1051
Views
0
Helpful
7
Replies

How to configure Client Based Remote Access SSL VPN using AnyConnect Client

kingnation
Level 1
Level 1

‎11-29-2017 08:50 AM - edited ‎03-08-2019 12:55 PM

Hello Everyone,

I need an help to setup a vpn connection for all the client in office to access the internal network when they are outside from office. Can anyone assist me on how to setup the vpn? i tried to search in web and i cant understand the configuration. Thank you

Labels:
0 Helpful
7 Replies 7

Julio E. Moisa
VIP Alumni
VIP Alumni

‎11-29-2017 09:27 AM - edited ‎11-29-2017 09:30 AM

Hi

First you must have a VPN license (essential could be depending of the model) and anyconnect package to be upload to the firewall:

 

The configuration could be:

 

webvpn
enable OUTSIDE
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-xxxx.pkg 
anyconnect enable
tunnel-group-list enable

 

ip local pool MY-POOL <network> mask <subnet mask>

 

object-group network MY-DESTINATION
network-object x.x.x.x y.y.y.y

 

access-list INSIDE-IN extended permit ip object-group MY-DESTINATION <MY POOL Network or object-group>

 

access-list SPLIT-TUNNEL standard permit <DESTINATION>

 

group-policy POLICY internal
group-policy POLICY attributes
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL

 

tunnel-group TUNNEL type remote-access
tunnel-group TUNNEL general-attributes
address-pool MY-POOL
default-group-policy POLICY
tunnel-group TUNNEL webvpn-attributes
group-alias <NAME OF YOUR VPN> enable

 

username <username> password <password>
username <username> attributes
vpn-group-policy POLICY
group-lock value TUNNEL
service-type remote-access




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

kingnation
Level 1
Level 1
In response to Julio E. Moisa

‎11-29-2017 10:16 AM

Ok sir. But could u tell me where can i get the VPN License and Anyconnect package to upload in cisco ASA?

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to kingnation

‎11-29-2017 11:27 AM - edited ‎11-29-2017 12:29 PM

Hi

The license and the any connect must be requested to an authorized Cisco Partner. 

You can execute the command: show activation-key to see the available features. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

kingnation
Level 1
Level 1
In response to Julio E. Moisa

‎11-29-2017 01:00 PM

This are the output for the command sir

IT-TEAM-ASA# sh activation-key
Serial Number:
Running Permanent Activation Key:

Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual

This platform has a Base license.

Sorry i had to remove the serial number and Activation key sir. So for the vpn license, should i use the activation key ? i had download the anyconnect vpn client from outside links. Is it usable? Is it the same as wat u mentioned earlier?

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to kingnation

‎11-29-2017 01:52 PM

Hi, 

You need an essential license: 

AnyConnect Essentials : Disabled perpetual

There are license providing 750 concurrent VPN users. 

 

The anyconnect software can be download from the official Cisco website but you need a valid contract / credencials to download. The best way is be in contact with a Cisco Partner to provide the best solutions. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

kingnation
Level 1
Level 1
In response to Julio E. Moisa

‎11-30-2017 07:01 AM

so i should buy the license to enable the vpn?

If yes, then is there any other way to do vpn connection to use it from home pc?

Thank you

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to kingnation

‎11-30-2017 08:54 AM

Hi

Yes, you need to buy VPN license. Unfortunately there isn´t other way. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents