Cisco ASA help with remote VPN

Martin B
Level 1

Our current setup has an ASA 5520 9.1(7)13.

We use AnyConnect for our remote VPN clients. (Clients have the AnyConnect client pre-installed on their laptops.)

It uses IPsec v2 and an internal address pool for IP assignment.

  1. We have the need to use our internal Windows DHCP server for all address assignment.

Whilst maintaining our current setup, can we add another remote connection that is identical to the first one except that it picks up its addresses from our internal Windows DHCP server?

If so, how do we do this please?


We have one connection profile set up using an internal address pool x.x.99.0.

Can we have another connection profile on the ASA that uses our internal DHCP server x.x.77.0 at the same time?

Hi,
Yes, you'd create another Connection Profile/Tunnel-group (via CLI) and reference the DHCP server. On the AnyConnect client you would then select the new connection profile.

HTH

Appreciate your reply,

I had set up the new tunnel group which referenced the DHCP servers (although I did this via ASDM... Does this matter?)

I created a new AnyConnect client profile via the ASDM and exported this to my test laptop.

I removed the original AnyConnectprofile.xml from the test laptop and replaced it with the profile I created on the ASA via ASDM.

When I try to connect now it still connects via the original tunnel group...?

And it downloads the original AnyConnectprofile.xml and replaces the one I have just copied in.

Q. What am I missing?

Q. What links the profile on my test laptop to the new tunnel group?

Thanks in advance

Martin

If you use the AnyConnect Profile Editor, modify your existing anyconnect profile and add a 2nd configuration for the other tunnel group, you'd specify the new tunnel-group. When the profile is loaded on the laptop, you'd have a drop-down list and can select either tunnel-group.

HTH
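
A sketch of the ASA side of what the replies above describe, added here as an example and not posted by anyone in the thread: a second tunnel-group that leases addresses from a DHCP server while the existing pool-based profile stays untouched. Every name, file name and angle-bracket value is a hypothetical placeholder, and the comments on the client profile `UserGroup` field describe general AnyConnect behaviour rather than this poster's configuration.

```text
! Added example. Names (GP-DHCP-EXAMPLE, TG-DHCP-EXAMPLE, PROFILE-DHCP-EXAMPLE)
! and <PLACEHOLDER> values are hypothetical, not taken from the thread.
!
! Let the ASA request client addresses from a DHCP server.
vpn-addr-assign dhcp
!
! Register the new client profile XML so a group policy can push it.
webvpn
 anyconnect profiles PROFILE-DHCP-EXAMPLE disk0:/<new-profile>.xml
!
! Group policy used only by the new connection profile.
group-policy GP-DHCP-EXAMPLE internal
group-policy GP-DHCP-EXAMPLE attributes
 ! Network the DHCP server should lease from (the x.x.77.0 scope in the thread).
 dhcp-network-scope <DHCP_SCOPE_NETWORK>
 webvpn
  ! The client profile downloaded at connect time is chosen per group policy.
  anyconnect profiles value PROFILE-DHCP-EXAMPLE type user
!
! Second connection profile. No address-pool is configured here, so
! clients of this tunnel-group are addressed by the DHCP server only.
tunnel-group TG-DHCP-EXAMPLE type remote-access
tunnel-group TG-DHCP-EXAMPLE general-attributes
 default-group-policy GP-DHCP-EXAMPLE
 dhcp-server <DHCP_SERVER_IP>
tunnel-group TG-DHCP-EXAMPLE webvpn-attributes
 group-alias DHCP-EXAMPLE enable
 group-url https://<ASA_FQDN>/dhcp-example enable
!
! Client side: in the AnyConnect profile, each server list HostEntry has a
! UserGroup field that selects the connection profile. With IPsec as the
! primary protocol it must be the exact tunnel-group name (TG-DHCP-EXAMPLE);
! with SSL it is the group-url path or group-alias.
!
! Check after a test connection:
!   show vpn-sessiondb anyconnect    (tunnel group and assigned IP)
```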

Hi,

I need to keep the original client profile as it is currently being used.

I created a new profile which was identical except for the hostname.

Which part of the client profile is the bit that references the new tunnel group?

I can't see anything in my original profile which references my original tunnel group?