Solved: WebVPN Software Package for AnyConnect

Jeffrey Simon · ‎06-23-2013

I am trying to configure my 2821 router for AnyConnect following the below link:

http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml

I came to the following line but I can't find the webvpn package anywhere on the Cisco website. I do not have a windows machine available to me so I can't use CCP, as this guide advises. I can only configure this via command line.

webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

Can anyone advise where I can find this webvpn software package so I can continue with the configuration? Or can someone provide me another set of instructions to get this configured?

Thanks!

czaja0000 · ‎06-27-2013

Hi,

Jeffrey Simon napisano:
Thanks for the post.  I just checked out your link.  So if Iam to understand this correctly, if I am going to be having Mac and PC computers connecting via AnyConnect I would have to install the package mentioned above in addtion to "Web deployment package for Mac OS X "Intel" platforms" correct?

Yes, that's correct.

Explanation:

anyconnect-win-3.1.03103-k9.pkg -> Web deployment package for Windows platforms

anyconnect-macosx-i386-3.1.03103-k9.pkg -> Web deployment package for Mac OS X "Intel" platforms

anyconnect-macosx-i386-3.1.03103-k9.dmg -> Standalone DMG package for Mac OS X "Intel" platforms

anyconnect-linux-3.1.03103-k9.pkg -> Web deployment package for Linux platforms

anyconnect-predeploy-linux-3.1.03103-k9.tar.gz -> Standalone tarball package for Linux platforms

anyconnect-predeploy-linux-64-3.1.03103-k9.tar.gz -> Standalone package for 64-bit Linux platforms

Do you happen to have a better set of step-by-step instructions for getting the AnyConnect server running on my router?  The instructions I was able to find are really GUI based and I am looking to deploy this via command line.

I found some articles on the Internet,but I recommend Cisco documentation

Articles:

(I didn't analyze these documents thoroughly.)

Configuring Cisco SSL VPN AnyConnect (WebVPN) on Cisco IOS Routers

How to configure Cisco VPN SSL aka WebVPN/

Configuring Cisco AnyConnect Tunnel with the CLI

SSL VPN in IOS 12.4T

Cisco:

IOS 12.4T -> SSL VPN Configuration Guide - 12.4T

IOS 15 -> SSL VPN Configuration Guide -15M&T

________________

Best regards,
MB

Please rate all helpful posts

Thx

________________ Best regards, MB

View solution in original post

Richard Burts · ‎06-23-2013

I have done AnyConnect several times on ASA but not yet done it on IOS. So I have no direct experience as a guide in answering your question. But I am pretty sure that the svc_1.pkg is the AnyConnect software package that was downloaded or installed in step 1 of the instructions on the page that you linked to. I do not know if CCP gives it that name when it installs the software package or whether they just gave the software file a simplified name as they were creating the example to use in the documentation. But I believe that it shold work if you substitute the name of the AnyConnect software package in this command.

HTH

Rick

HTH

Rick

czaja0000 · ‎06-23-2013

Hi,

Jeffrey Simon napisano:
I am trying to configure my 2821 router for AnyConnect following the below link:
http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080af314a.shtml
I came to the following line but I can't find the webvpn package anywhere on the Cisco website.  I do not have a windows machine available to me so I can't use CCP, as this guide advises.  I can only configure this via command line.
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1

Can anyone advise where I can find this webvpn software package so I can continue with the configuration?  Or can someone provide me another set of instructions to get this configured?

Thanks!

1. I found, for example: anyconnect-win-2.5.6005-k9.pkg

Link

2. Instruction, how to configure webvpn packages in CLI.

First You need upload package to router flash:/webvpn

mkdir flash:/webvpn

copy tftp://xx.xx.xx.xx/anyconnect-win-2.4.0202-k9-k9.pkg flash:/webvpn/

webvpn install svc flash:/webvpn/anyconnect-win-2.4.0202-k9.pkg sequence 1

________________

Best regards,
MB

________________ Best regards, MB

Jeffrey Simon · ‎06-26-2013

Thanks for the post. I just checked out your link. So if Iam to understand this correctly, if I am going to be having Mac and PC computers connecting via AnyConnect I would have to install the package mentioned above in addtion to "Web deployment package for Mac OS X "Intel" platforms" correct?

Do you happen to have a better set of step-by-step instructions for getting the AnyConnect server running on my router? The instructions I was able to find are really GUI based and I am looking to deploy this via command line.

Thank you for the help,

Jeff

czaja0000 · ‎06-27-2013

Hi,

Jeffrey Simon napisano:
Thanks for the post.  I just checked out your link.  So if Iam to understand this correctly, if I am going to be having Mac and PC computers connecting via AnyConnect I would have to install the package mentioned above in addtion to "Web deployment package for Mac OS X "Intel" platforms" correct?

Yes, that's correct.

Explanation:

anyconnect-win-3.1.03103-k9.pkg -> Web deployment package for Windows platforms

anyconnect-macosx-i386-3.1.03103-k9.pkg -> Web deployment package for Mac OS X "Intel" platforms

anyconnect-macosx-i386-3.1.03103-k9.dmg -> Standalone DMG package for Mac OS X "Intel" platforms

anyconnect-linux-3.1.03103-k9.pkg -> Web deployment package for Linux platforms

anyconnect-predeploy-linux-3.1.03103-k9.tar.gz -> Standalone tarball package for Linux platforms

anyconnect-predeploy-linux-64-3.1.03103-k9.tar.gz -> Standalone package for 64-bit Linux platforms

Do you happen to have a better set of step-by-step instructions for getting the AnyConnect server running on my router?  The instructions I was able to find are really GUI based and I am looking to deploy this via command line.

I found some articles on the Internet,but I recommend Cisco documentation

Articles:

(I didn't analyze these documents thoroughly.)

Configuring Cisco SSL VPN AnyConnect (WebVPN) on Cisco IOS Routers

How to configure Cisco VPN SSL aka WebVPN/

Configuring Cisco AnyConnect Tunnel with the CLI

SSL VPN in IOS 12.4T

Cisco:

IOS 12.4T -> SSL VPN Configuration Guide - 12.4T

IOS 15 -> SSL VPN Configuration Guide -15M&T

________________

Best regards,
MB

Please rate all helpful posts

Thx

________________ Best regards, MB

Jeffrey Simon · ‎06-27-2013

Is there any way someone could post a running config for SSL VPN? I would like to use anyconnect to connect to my router and get a DHCP address from my router. I would like full access to all of my LAN resources like I am physically connected to my network. I think that SSL VPN is the technology I should be using, but I am not even 100% sure about that.

Thanks in advance!

Jeffrey Simon · ‎06-27-2013

So this is what I have configured thus far:

routera#show run | sec vpn

webvpn gateway GW_1

hostname VPN_1

ip interface GigabitEthernet0/0 port 4848

ssl encryption aes-sha1

ssl trustpoint TP-self-signed-3369674309

logging enable

inservice

When I trying to connect via AnyConnect MacOS X client I get the following error:

[Jun 27, 2013 4:09:32 PM] Contacting XXX.XXX.XXX.XXX:4848

[Jun 27, 2013 4:09:33 PM] Connection attempt has failed.

[Jun 27, 2013 4:09:38 PM] Connection attempt has failed.

[Jun 27, 2013 4:09:39 PM] No valid certificates available for authentication.

[Jun 27, 2013 4:09:39 PM] Connection attempt has failed.

From what I see on the AnyConnect client there is no way to utilize a login and password. Do I need to download some kind of certificate to my computer and associate my computer with the server? If so, how would I go about doing so?

Thank you in advance.

BEN ROBINSON · ‎06-28-2013

You'll need to generate a new RSA keypair and then do a self-signed for the webvpn gateway or else get a public CA cert