Anyconnect VPN

332953358 · ‎12-11-2022

Problem: webvpn cannot be accessed through ISP。

ASA Version 9.1(6)
hostname ciscoasa
names
ip local pool ssl-pool 10.0.255.100-10.0.255.200 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 122.122.122.50 255.255.255.248
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.88.1 255.255.255.0
!
ftp mode passive
same-security-traffic permit intra-interface
object network obj-ssl
subnet 10.0.255.0 255.255.255.0
object network local
subnet 192.168.88.0 255.255.255.0

nat (inside,outside) source static local local destination static obj-ssl obj-ssl
!
object network local
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 122.122.122.49 1

dhcpd address 192.168.88.100-192.168.88.200 inside
dhcpd dns 202.101.172.35 interface inside
dhcpd option 3 ip 192.168.88.1 interface inside
dhcpd enable inside
!
webvpn
enable outside
enable inside
anyconnect-essentials
anyconnect image disk0:/anyconnect-win-4.10.06079-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-macos-4.10.06079-webdeploy-k9.pkg 2
anyconnect enable
tunnel-group-list enable

group-policy ssl-policy internal
group-policy ssl-policy attributes
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelall

username test password t.ydfkL/SuCNgO.I encrypted

tunnel-group ssl-tunnel type remote-access
tunnel-group ssl-tunnel general-attributes
address-pool ssl-pool
default-group-policy ssl-policy

tunnel-group ssl-tunnel webvpn-attributes
group-alias TEST_GROUP enable