Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
772
Views
0
Helpful
5
Replies

Cleint SSL VPN

Muthukumar P
Level 1
Level 1

‎12-11-2017 01:37 AM - edited ‎03-12-2019 04:49 AM

HI Team,

                 Kindly provide the configuration example for client SSL VPN in ASA 5520..If get the configuration CLI mode as well..

 

Thanks

Muthukumar

Labels:
0 Helpful
5 Replies 5

Bogdan Nita
VIP Alumni
VIP Alumni

‎12-11-2017 02:03 AM

There are a lot of options available to configure with Anyconnect, so I am not really sure what you are trying to achieve.

Here is a basic Anyconnect config to get you started:

 

ENABLE WEBVPN:

ASA(config)# webvpn
ASA(config-webvpn)# enable outside
ASA(config-webvpn)# anyconnect image disk0:/<anyconnect_pkg>
ASA(config-webvpn)# anyconnect enable
ASA(config-webvpn)# exit

LOCAL USER:

ASA(config)# username test password test123
ASA(config)# username test attributes
ASA(config-username)# service-type remote-access
ASA(config)# exit

CREATE IP POOL:

ASA(config)# ip local pool VPN-POOL 192.168.0.1-192.168.0.254 mask 255.255.255.0

GROUP-POLICY:

ASA(config)# group-policy TEST internal
ASA(config)# group-policy TEST attributes
ASA(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless
ASA(config-group-policy)# address-pools value VPN-POOL
ASA(config-group-policy)# exit

TUNNEL-GROUP:

ASA(config)# tunnel-group TEST type remote-access
ASA(config)# tunnel-group TEST general-attributes
ASA(config-tunnel-general)# default-group-policy TEST
ASA(config-tunnel-general)# exit
ASA(config)# tunnel-group TEST webvpn-attributes
ASA(config-tunnel-webvpn)# group-alias ANYCONNECT-TEST
ASA(config-tunnel-webvpn)# exit

 

At this point you should be able to connect using Anyconnect by entering the IP or hostname of the outside interface. If you do not already have Anyconnect installed you can connect with your browser (also using ASA outside IP) and download and install Anyconnect.

0 Helpful

Muthukumar P
Level 1
Level 1
In response to Bogdan Nita

‎12-12-2017 09:30 PM

HI,

        Thanks for your response , today only going to configure the same, Can you confirm suggested VPN software version and client version

Thanks

Muthukumar

0 Helpful

Bogdan Nita
VIP Alumni
VIP Alumni
In response to Muthukumar P

‎12-13-2017 01:39 AM

I am not sure what you mean by VPN software version and client version. Anyconnect is running only on client side and it is usually downloaded from the ASA.

I've been using 4.4 for a while now without notable problems, but you should check the release notes for further details:

https://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/products-release-notes-list.html

0 Helpful

Muthukumar P
Level 1
Level 1
In response to Bogdan Nita

‎12-13-2017 01:43 AM

HI,

     Any software need to be installed in ASA for VPN apart firmware version

Thanks

Muthukumar

0 Helpful
Customers Also Viewed These Support Documents