guide setting up anyconnect

dondaniel
Level 1

Hi there 

need some help in setting up anyconnect. 

I am new to the Cisco world and am right now having a nightmare in just getting the licenses needed to run VPN on my router RV345P. 

I am now trying to get the licenses below but the CISCO helpdesk is a bit bitchy as they claim they are not on my name but on the sellers name, although I have PAK ID and password... 

L-AC-PLS-LIC Cisco AnyConnect Plus Term License
 
LS-RV-ACS-25-1YR Cisco 1-Year RV Router Anyconnect Server 25 Tunnels
so, while having that fight for the licenses it might be interesting to start the discussion on how to actually install these licenses on laptops, handy's and of course on my router. 
Is there a kind of documentation that explains that and I assume there would be also some kind of software needed for Windows 10, Android, iOS devices that need to be installed?
I just don't find anything that would explain all in one go... 
looking forward for any help.
regards
daniel

balaji.bandi
Hall of Fame

As per notes from community:

 

To associate your AnyConnect Client Licence to your RV345 you must generate a Token from your Smart Account. Then go to your RV345 GUI -> Administration -> Licence -> Click on Register, and there you paste the Token generated. This is the way you associate the Licence with the RV.

About the AnyConnect Software, you must call Enterprise TAC +1 800 553 2447. They must associate your Service Contract (Licence) with your Cisco Smart Account. Then you go to Downloads, search for AnyConnect and click on Download.

 

here is the link for reference:

 

https://www.cisco.com/c/dam/en/us/td/docs/routers/csbr/RV340/Quick_Start_Smart_License/Smart_License_qsg_en_V4.pdf

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

great, went all through and now the next questions appear... 

which download should I take? is there a guide to install the VPN Software itself?

 

Language localization transform Pre-Deployment (Windows)
anyconnect-win-4.7.00136-core-vpn-lang-predeploy-k9.zip
05-DEC-2018
0.62 MB
 
Language localization transform Headend Deployment (Windows)
anyconnect-win-4.7.00136-core-vpn-lang-webdeploy-k9.zip
05-DEC-2018
0.62 MB
 
AnyConnect Pre-Deployment Package (Windows) - includes individual MSI files
anyconnect-win-4.7.00136-predeploy-k9.zip
05-DEC-2018
37.17 MB
 
Application Programming Interface [API] (Windows)
anyconnect-win-4.7.00136-vpnapi.zip
05-DEC-2018
125.47 MB
 
AnyConnect Headend Deployment Package (Windows)
anyconnect-win-4.7.00136-webdeploy-k9.pkg
05-DEC-2018
43.28 MB
 
Profile Editor (Windows)
tools-anyconnect-win-4.7.00136-profileeditor-k9.msi
05-DEC-2018
8.14 MB
 
AnyConnect Installer Transforms (Windows)
tools-anyconnect-win-4.7.00136-transforms.zip
05-DEC-2018
0.04 MB
 

Each one is self explanatory, 

 

if you are looking to just install on Windows (not like enterprise auto package along with Windows) then download below

 

AnyConnect Pre-Deployment Package (Windows) - includes individual MSI files
anyconnect-win-4.7.00136-predeploy-k9.zip
 
read the release notes :
 

BB


ok. so i have somehow installed the anyconnect client on my windows 10 laptop. great. 

looking at the rv345p handbook , it seems that I can only use the SSL VPN with the anyconnect client software, right?

I did start the installation on the router but then get to the questions about

Client Address Pool Enter the IP address of the client address pool.

Client Netmask Enter the client netmask.

Client Domain Enter the client domain name

what is expected to be entered here?? 

and after having all installed. how do I set up the anyconnect client on my laptop? i find no manuals to that... 

why is it that complicated and why is there not a simple handbook explaining all??

regards

yes, i did. 

and the expressions I copied out there.. page 100 ... this manual gives no hint on what to enter there. 

any IP address entered in Client Address Pool results in invalid subnet prefix message. 

are there any additional settings needed on the router for the address pool??

and what about the client domain.. what is needed there?

 

When you create a VPN connection, the remote client is given an address that will be recognized on the main network where the router or firewall is located. That address is assigned from a "pool" which is usually defined as a subnet. Something like "192.168.100.0 255.255.255.255", for example.

 

We also assign the client a default domain for ease of looking up remote addresses. So, for instance if your main domain is "company.com", you can assign that to the clients so that when they lookup something like your intranet home page they can just type "intranet" and not "intranet.company.com" (simple example and it may not apply to you exactly, but it makes the point).

thank you Marvin

well, i am a private user and have no domain . so I just leave that one blank?

and regarding the pool, just entering a value that the router will then use (no other settings needed)?

I could save the SSL VPN Settings with that

I also have now anyconnect installed on my laptop... BUT I get the impression the real work now starts... how do I now setup the vpn connection on my laptop???

For the pool, you need to assign addresses that the internal network behind the router will recognize need to be routed to the router for reachability and that do not conflict with anything existing.

 

In the most simple setup:

 

remote client ---> Internet ---> router public address :router: router private address ---> internal network

 

Say the internal network is 192.168.1.0 /24. All internal hosts use the router private address as their default gateway (say 192.168.1.1). You could have the VPN pool be a subset of the internal network (say 192.168.1.240 - 192.168.1.250) or be a separate address space altogether (say 192.168.2.0 /24).

 

Your AnyConnect client points to the router's public IP (or an FQDN that resolves to it). It is given an address from the pool and communicates to the remote internal network using that address which then appears to the remote clients to be on the router itself.
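A way to sanity-check a candidate pool against the rules in the reply above, as an added example that is not part of the original post or of the router's firmware. It reuses the 192.168.1.0/24 LAN from the post and the 25-tunnel licence named earlier in the thread; the in-use addresses are constructed. Treating an address with host bits set as an invalid prefix is Python's rule, and that the RV345P validates the field the same way is an assumption.

```python
import ipaddress

def check_vpn_pool(pool, netmask, lan, in_use=(), tunnels=25):
    """Return a list of problems with a proposed SSL VPN client address pool.

    pool, netmask: values for the Client Address Pool / Client Netmask fields.
    lan: internal network in CIDR form; in_use: LAN addresses already assigned.
    tunnels: concurrent clients to plan for (25 matches the licence named above).
    """
    try:
        # strict=True rejects an address with host bits set for the given mask
        net = ipaddress.ip_network(f"{pool}/{netmask}", strict=True)
    except ValueError as exc:
        return [f"not a network prefix: {exc}"]
    lan_net = ipaddress.ip_network(lan)
    problems = []
    # Network and broadcast addresses are not handed out (except /31 and /32)
    usable = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    if usable < tunnels:
        problems.append(f"{net} has {usable} usable addresses, {tunnels} needed")
    if net.overlaps(lan_net):
        if not net.subnet_of(lan_net):
            problems.append(f"{net} contains the LAN {lan_net}")
        # Pool carved out of the LAN: nothing already assigned may sit inside it
        clashes = [a for a in in_use if ipaddress.ip_address(a) in net]
        if clashes:
            problems.append("overlaps in-use addresses: " + ", ".join(clashes))
    return problems

if __name__ == "__main__":
    LAN = "192.168.1.0/24"                      # internal network from the post
    IN_USE = ["192.168.1.1", "192.168.1.245"]   # constructed: router and one host
    for pool, mask in [("192.168.2.0", "255.255.255.0"),
                       ("192.168.1.240", "255.255.255.240"),
                       ("192.168.2.10", "255.255.255.0")]:
        print(pool, mask, check_vpn_pool(pool, mask, LAN, IN_USE) or "ok")
```
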

Address pool is the pool of IP addresses used when the user tries to initiate the VPN, and the user will be allocated an IP address from that pool.

 

As long as the settings are correct, and you have ACL in place for the commute user to access resource.

You can just dial in the ASA public faced IP and connect and access the resources.

 

 

 

BB


thank you both!

 

I would say the setup in the RV345p Router is complete.

the client setup is a black hole to me... no description and to what I see I can not configure the anyconnect mobile client except entering a gateway. there must be something to setup to make that secure access via VPN possible??

The client setup is just that - install and point to the gateway. It's designed to be extremely simple. Almost all options are controlled by the admin at the router (or ASA).

 

An ASA has more options of configuration bits that you can push to the client (since it's a security appliance with more security features) but the idea is the same. 

aha...? and  with gateway is what exactly the FQDN I have added to the routers WAN?

I can add the dynamic dns but when running it I first get a message of untrusted server certificate and then an error message stating 'the VPN connection failed due to unsuccessful domain name resolution'

Am I missing something but I should install a kind of certificates etc... 

I can't imagine that just adding a dynamic dns address would be enough...?

SSL/TLS uses certificates for server authentication (and sometimes for clients but not important in this case). The AnyConnect client looks for a server certificate field (common name or CN specifically) to match the FQDN of the gateway (router).

 

The guide linked earlier describes how to manage certificates on your router. Reference pages 20-22.

 

That said, a self-signed certificate generally should work. In that case, you would point the client to the IP address and not the FQDN since the self-signed certificate generally does not know about the DDNS-registered FQDN.
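The name check described in the reply above, as an added example that is not part of the original post and not Cisco's client code. The certificate dicts are constructed in the layout returned by Python's `ssl.SSLSocket.getpeercert()`, `vpn.example.net` and `192.0.2.10` are placeholder gateway values, and accepting subjectAltName entries and wildcards is general TLS practice rather than something the post states.

```python
import ipaddress

def cert_names(cert):
    """Collect CN and subjectAltName values from a getpeercert()-style dict."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn
             if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ())
              if k in ("DNS", "IP Address")]
    return names

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def _matches(pattern, target):
    pattern, target = pattern.lower().rstrip("."), target.lower().rstrip(".")
    if _is_ip(target):
        # An IP gateway must appear literally; wildcards never cover addresses
        return _is_ip(pattern) and (
            ipaddress.ip_address(pattern) == ipaddress.ip_address(target))
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label
        head, _, rest = target.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == target

def gateway_name_ok(cert, gateway):
    """True if the name typed into the client appears in the certificate."""
    return any(_matches(name, gateway) for name in cert_names(cert))

# Constructed certificates (not taken from any real router)
SELF_SIGNED = {"subject": ((("commonName", "192.0.2.10"),),)}
ISSUED_FOR_FQDN = {"subject": ((("commonName", "vpn.example.net"),),),
                   "subjectAltName": (("DNS", "vpn.example.net"),)}

if __name__ == "__main__":
    for cert in (SELF_SIGNED, ISSUED_FOR_FQDN):
        for gw in ("vpn.example.net", "192.0.2.10"):
            print(cert_names(cert), gw, gateway_name_ok(cert, gw))
```

A name match is separate from trust: a self-signed certificate still triggers the untrusted-server prompt even when the name check passes.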
