Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
5
Helpful
2
Replies

Anyconnect

Go to solution
gretnapd
Level 1
Level 1

‎03-13-2014 01:09 PM - edited ‎02-21-2020 07:33 PM

What are the proper (simplified) steps for enabling Anyconnect on an ASA.  Is purchasing a SSL certificate necessary? Thanks.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-13-2014 03:04 PM

The AnyConnect client is used for either full tunnel SSL VPN or full tunnel IPsec (IKEv2). Either method requires an SSL certificate on your ASA. You can use self-signed, private CA, or public CA / RA as the source of your certificate. Cisco recommends the third option as it will be recognized as a trusted root CA automatically. Option 2 requires your clients import the root certificate from the sigining CA into their trusted root certificates store. Option 1 requires they import the self-signed certificate.

As far as setting it up, you can follow the remote acess VPN wizard in ASDM. If oyou go the public CA SSL certificate route, you should have that in hand ahead of time.

View solution in original post

Go to solution
jaykautar
Level 1
Level 1

‎03-13-2014 03:38 PM

You can use this configuration example: https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example Just used it two weeks ago and it works like a charm!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-13-2014 03:04 PM

The AnyConnect client is used for either full tunnel SSL VPN or full tunnel IPsec (IKEv2). Either method requires an SSL certificate on your ASA. You can use self-signed, private CA, or public CA / RA as the source of your certificate. Cisco recommends the third option as it will be recognized as a trusted root CA automatically. Option 2 requires your clients import the root certificate from the sigining CA into their trusted root certificates store. Option 1 requires they import the self-signed certificate.

As far as setting it up, you can follow the remote acess VPN wizard in ASDM. If oyou go the public CA SSL certificate route, you should have that in hand ahead of time.

Go to solution
jaykautar
Level 1
Level 1

‎03-13-2014 03:38 PM

You can use this configuration example: https://supportforums.cisco.com/document/74111/asa-anyconnect-ikev2-configuration-example Just used it two weeks ago and it works like a charm!
0 Helpful
Customers Also Viewed These Support Documents