Next, we’ll assign the specific attributes: corpasa(config)#tunnel-group SSLClient general-attributes corpasa(config-tunnel-general)#default-group-policy SSLCLient corpasa(config-tunnel-general)#tunnel-group SSLClient webvpn-attributes corpasa(config-tunnel-webvpn)#group-alias MY_RA enable corpasa(config-tunnel-webvpn)#webvpn corpasa(config-webvpn)#tunnel-group-list enable In our case, we’re configuring these remote access clients to use the Cisco An圜onnect SSL client, but you can also configure the tunnel groups to use IPsec, L2L, etc.įirst, let’s create the tunnel group SSL Client: corpasa(config)#tunnel-group SSLClient type remote-access
We’ll use this tunnel group to define the specific connection parameters we want them to use. Create a Connection Profile and Tunnel GroupĪs remote access clients connect to the ASA, they connect to a connection profile, which is also known as a tunnel group. corpasa(config)#sysopt connection permit-vpn corpasa(config)#ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0 corpasa(config)#group-policy SSLCLient internal corpasa(config)#group-policy SSLCLient attributes corpasa(config-group-policy)#dns-server value 192.168.200.5 corpasa(config-group-policy)#vpn-tunnel-protocol svc corpasa(config-group-policy)#default-domain value corpasa(config-group-policy)#address-pools value SSLClientPoolīy using the sysopt connect command we tell the ASA to allow the SSL/IPsec clients to bypass the interface access lists. The remote access clients will need to be assigned an IP address during login, so we’ll also set up a DHCP pool for them, but you could also use a DHCP server if you have one. In this case, we’ll create a group policy named SSLClient. Group Policies are used to specify the parameters that are applied to clients when they connect. Enable An圜onnect VPN Access corpasa(config)# webvpn corpasa(config-webvpn)# enable outside corpasa(config-webvpn)# svc enable corpasa(config)# webvpn corpasa(config-webvpn)# svc image disk0:/anyconnect-win-k9.pkg 1 In this case, we’re using only one client and giving it a priority of 1. Note that if you have more than one client, configure the most commonly used client to have the highest priority. corpasa(config)#copy t flashĪfter the file has been uploaded to the ASA, configure this file to be used for webvpn sessions.
#Reset cisco 5505 asa ssh anyconnect download#
After you select and download your client software, you can tftp it to your ASA. As you choose which image to download to your tftp server, remember that you will need a separate image for each OS that your users have. Upload the SSL VPN Client Image to the ASA
corpasa(config-ca-trustpoint)#subject-name CN= corpasa(config-ca-trustpoint)#keypair sslvpnkey corpasa(config-ca-trustpoint)#crypto ca enroll localtrust noconfirm corpasa(config)# ssl trust-point localtrust outside
corpasa(config)#crypto key generate rsa label sslvpnkey corpasa(config)#crypto ca trustpoint localtrust corpasa(config-ca-trustpoint)#enrollment self corpasa(config-ca-trustpoint)#fqdn sslvpn. You can purchase a certificate through a vendor such as Verisign, if you choose. Here I am creating a general purpose, self-signed, identity certificate named sslvpnkey and applying that certificate to the “outside” interface. Create a Connection Profile and Tunnel Group
There are eight basic steps in setting up remote access for users with the Cisco ASA. Lori Hyde shows you a simple eight-step process to setting up remote access for users with the Cisco ASA. Eight easy steps to Cisco ASA remote access setup
0 kommentar(er)
