03-14-2013 05:53 PM - edited 02-21-2020 06:45 PM
Hello,
I have two questions that I cannot find the answer to :/
I configured a working AnyConnect VPN on a c892fsp router, using the Windows web deployment pkg.
I would like to add the Linux and Mac pkg too, so those users get it installed when connected to the portal.
The command svc image imagename order# does not seem to work in IOS (I indeed found that in an ASA tutorial).
Any idea how to add the Mac and Linux package to the portal? (where the Windows package is already in place)
Secondly, I'd like to force ALL traffic from the VPN client through the tunnel. Any ideas on how to change the config below to add a gateway and DNS server to the client VPN NIC?
webvpn gateway Cisco-WebVPN-Gateway
 ip address *.*.*.* port 443
 ssl encryption rc4-md5
 ssl trustpoint vpn
 inservice
 !
webvpn context Cisco-WebVPN
 title "MINF/ICTJ WebVPN - Cisco"
 !
 acl "ssl-acl"
   permit ip 10.0.0.0 255.255.255.0 10.0.0.0 255.255.255.0
 login-message "Enter MINF/ICTJ credentials"
 aaa authentication list sslvpn
 gateway Cisco-WebVPN-Gateway
 !
 ssl authenticate verify all
 !
 url-list "rewrite"
 inservice
 !
 policy group webvpnpolicy
   functions svc-enabled
   filter tunnel ssl-acl
   svc address-pool "webvpn-pool" netmask 255.255.255.0
   svc rekey method new-tunnel
   svc split include 10.0.0.0 255.255.255.0
 default-group-policy webvpnpolicy
!
Thank you
03-14-2013 07:01 PM
I only do remote access VPN on ASA. But I guess if you want all traffic to go through the tunnel, take the split tunnel off your group policy. Split tunnel is used to specify which type of traffic should go through the tunnel, and anything not included in the split tunnel will not go to the tunnel. Hope that helps.
03-14-2013 08:42 PM
Yes, you can have multiple AnyConnect packages on an IOS router as well, assuming that you are running version 12.4(20)T or higher.
Here is the command:
crypto vpn anyconnect
Config guide for your reference:
To change it to no split tunnel, i.e. pushing everything down the tunnel, you can remove the following:
svc split include 10.0.0.0 255.255.255.0
To add dns server information, it's under the following:
policy group webvpnpolicy
  svc default-domain
  svc dns-server primary
  svc dns-server secondary
Here is the config guide for your reference:
Hope that helps.
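Added example, not part of the original thread or of Cisco's documentation: a small Python check that reads a saved IOS WebVPN config and reports policy groups that still carry an svc split include line or push no svc dns-server address, the two items the reply above changes. The sample configs, the DNS addresses, the domain name and the rule for where a policy group ends are assumptions made for the example.

```python
# Added example: audits IOS WebVPN policy groups for split tunneling and missing DNS.
# Both sample configs are constructed from the thread; the DNS addresses and the
# default-domain are placeholders, not values from the original posts.
BEFORE = """\
webvpn context Cisco-WebVPN
 policy group webvpnpolicy
   functions svc-enabled
   svc address-pool "webvpn-pool" netmask 255.255.255.0
   svc split include 10.0.0.0 255.255.255.0
 default-group-policy webvpnpolicy
!
"""
AFTER = """\
webvpn context Cisco-WebVPN
 policy group webvpnpolicy
   functions svc-enabled
   svc address-pool "webvpn-pool" netmask 255.255.255.0
   svc default-domain example.internal
   svc dns-server primary 10.0.0.53
   svc dns-server secondary 10.0.0.54
 default-group-policy webvpnpolicy
!
"""

def audit_policy_groups(config):
    """Return {group: {"split": [...], "dns": [...]}} for each policy group."""
    groups, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("policy group "):
            current = groups.setdefault(line.split()[2], {"split": [], "dns": []})
        elif line == "!" or line.startswith(("default-group-policy", "webvpn ")):
            current = None  # assumed end of the group; also works on flattened pastes
        elif current is not None and line.startswith("svc split include "):
            current["split"].append(line[len("svc split include "):])
        elif current is not None and line.startswith("svc dns-server "):
            parts = line.split()
            if len(parts) == 4:  # ignore a dns-server line that has no address
                current["dns"].append(parts[3])
    return groups

def findings(config):
    """List policy groups that still split-tunnel or push no DNS server."""
    out = []
    for name, g in audit_policy_groups(config).items():
        if g["split"]:
            out.append(f"{name}: split tunnel ({'; '.join(g['split'])})")
        if not g["dns"]:
            out.append(f"{name}: no DNS server pushed to clients")
    return out

if __name__ == "__main__":
    print(findings(BEFORE), findings(AFTER))
```

Run it against the output of show running-config saved to a file; an empty list means every policy group is full tunnel and pushes at least one DNS server.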