09-12-2013 12:56 PM - edited 02-21-2020 07:09 PM
Hello,
I currently have an ASA 5540 and my licensed features are below:
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5540 VPN Premium license.
1. Do I need to have a real public SSL cert for it while I'm testing AnyConnect?
2. Our current network is on 172.16.x.x network, what is the best idea to have this AnyConnect subnet on? I was thinking about 10.10.10.0/24 network then route that subnet to only certain subnets on our current 172.16.x.x network. What do ya think?
3. I'd assume that I need DHCP for 10.10.10.0/24 too right?
Thanks.
09-12-2013 01:07 PM
Hi,
You do not need a public SSL cert while you are testing. If you do not have a public SSL cert, you will just get an error that the certificate is not valid; you can just ignore it.
You can choose any pool subnet as long as that subnet is not present in your LAN.
No you do not need any DHCP.
Thanks
Jeet
09-12-2013 01:08 PM
Hi,
1) It is not necessary to have a public SSL cert on the ASA for connecting with AnyConnect. You will get a warning message for the certificate, but you should be able to connect to the ASA.
2) Yes, you can use the 10.10.10.0/24 subnet as your address pool for AnyConnect clients.
3) You can define the address pool either from DHCP or locally on the ASA.
You can check the link below to configure the AnyConnect client configuration on the ASA:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808efbd2.shtml
Let me know if it helps!!
Regards,
Naresh
09-12-2013 01:36 PM
Thanks guys.
2. My core router is where I control all the subnets and routing. Let's say I'll use the 10.10.10.0/24 subnet; then will I have to create that subnet first on my core router before configuring AnyConnect on the ASA?
3. Let's say I don't have a DHCP pool set up for this VLAN 10.10.10.0/24; how can the ASA distribute an IP (from 10.10.10.0/24) to my client which is trying to connect from outside? I'm kind of confused here.
Thanks.
09-12-2013 01:49 PM
Hi Tim,
There are two options to give an IP address to the client: first, define a DHCP server and scope, or configure the VPN pool on the ASA (easy way). Please check the links below; they will give you a step-by-step configuration of AnyConnect on the ASA:
https://supportforums.cisco.com/docs/DOC-36073#comment-20895
www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080975e83.shtml
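Both ways of handing out addresses discussed in this thread, plus the routing point from Tim's second question, as an added ASA configuration example (not from the thread or the linked documents). It assumes ASA 8.4 or later syntax; the object names, the two 172.16.x.x subnets and the placeholder addresses are assumptions chosen for illustration.

```cisco
! Added example, not from the thread. Names (ANYCONNECT-POOL, SPLIT-TUNNEL,
! VPN-FILTER, ANYCONNECT-GP, ANYCONNECT-TG), the 172.16.10.0/24 and
! 172.16.20.0/24 subnets and all placeholder addresses are assumptions.
!
! Option A: local pool handed out by the ASA itself (no DHCP server needed)
ip local pool ANYCONNECT-POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
!
! Split tunnel: clients send only traffic for these subnets through the VPN
access-list SPLIT-TUNNEL standard permit 172.16.10.0 255.255.255.0
access-list SPLIT-TUNNEL standard permit 172.16.20.0 255.255.255.0
!
! Enforce on the ASA what VPN clients may reach. Split tunneling is only a
! client-side routing hint; the vpn-filter is the actual access control.
! vpn-filter ACLs are written with the remote client as the source.
access-list VPN-FILTER extended permit ip 10.10.10.0 255.255.255.0 172.16.10.0 255.255.255.0
access-list VPN-FILTER extended permit ip 10.10.10.0 255.255.255.0 172.16.20.0 255.255.255.0
!
group-policy ANYCONNECT-GP internal
group-policy ANYCONNECT-GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 vpn-filter value VPN-FILTER
 address-pools value ANYCONNECT-POOL
!
tunnel-group ANYCONNECT-TG type remote-access
tunnel-group ANYCONNECT-TG general-attributes
 default-group-policy ANYCONNECT-GP
tunnel-group ANYCONNECT-TG webvpn-attributes
 group-alias ANYCONNECT enable
!
webvpn
 enable outside
 anyconnect image disk0:/<anyconnect-package.pkg> 1
 anyconnect enable
 tunnel-group-list enable
!
! Option B: instead of the local pool, relay to an internal DHCP server
! (192.0.2.10 is a placeholder); remove address-pools from the group-policy
! tunnel-group ANYCONNECT-TG general-attributes
!  dhcp-server 192.0.2.10
! group-policy ANYCONNECT-GP attributes
!  dhcp-network-scope 10.10.10.0
!
! NAT exemption for 10.10.10.0/24 is still required; its syntax depends on
! the ASA version and is omitted here.
!
! Core router: no VLAN for 10.10.10.0/24 is needed, only a route for the
! pool toward the ASA inside interface (placeholder next hop):
! ip route 10.10.10.0 255.255.255.0 <ASA-inside-IP>
```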