Loading ...There are two phases of installation to consider, installing the AnyConnect VPN client files on the Adaptive Security Appliance (ASA) for automated download and install to systems, and the actual install on the remote PCs themselves. This document provides an overview of both phases.
The files needed for installation are located at http://www.cisco.com/pcgi-bin/tablebuild.pl/anyconnect.
Loading the AnyConnect VPN Software on the ASA
Use the copy command to copy the image file to the flash of your ASA. Then use the svc image command from webvpn configuration mode to identify the file as the client package file. You can install many different packages for different operating systems and use the svc image command to order them from most popular (lowest number) to least popular (highest number).
Enabling AnyConnect SSL VPN Connections on the ASA
Here is sample configuration that enables the AnyConnect VPN client connections on the ASA:
ASA1(config)# webvpn ASA1(config-webvpn)# enable outside ASA1(config-webvpn)# svc enable
ASA1(config)# ip local pool ACVPN 192.168.1.225-192.168.1.250 mask 255.255.255.0
ASA1(config)# tunnel-group REMOTEVPN general-attributes ASA1(config-tunnel-general)# address-pool ACVPN ASA1(config-tunnel-general)# default-group-policy SAMPLEDEFAULT
ASA1(config)# tunnel-group REMOTEVPN webvpn-attributes ASA1(config-tunnel-webvpn)# group-alias DEFAULT_ALIAS enable
ASA1(config)# webvpn ASA1(config-webvpn)# tunnel-group-list enable
ASA1(config)# group-policy SAMPLEDEFAULT attributes ASA1(config-group-policy)# webvpn ASA1(config-group-webvpn)# vpn-tunnel-protocol svc
Automating the Installation for Remote PCs
Be sure to follow these recommendations:
- If using a Certificate Authority (CA) for certificates on the ASA, configure the certificate as a trusted CA on client machines
- If using a self-signed certificate on the ASA, install it as a trusted root certificate on client machines
- Ensure the Common Name (CN) in the ASA certificates matches the name clients use to connect
- If you are using Cisco Security Agent (CSA), warnings will most likely display to end users during install
- For Microsoft Internet Explorer installations, install the ASA to the list of trusted sites; this may be automated using Active Directory
For more information on the AnyConnect VPN Client, here are Google searches to use:
site:cisco.com AnyConnect Release Notes
site:cisco.com AnyConnect Administration Guide
site:cisco.com Security Appliance Configuration Guide AnyConnect
Anthony maybe you can help me with a problem I am having with AnyConnect. I can get the users connected to the local resources (mapped drives, applications) but they are not able to access the Internet. Any thoughts? Thanks!
This document should be of assistance.
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080975e83.shtml
Chris, are you terminating the vpn on the same device that you are trying to go back out to the Internet? If so, check this out
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080972e4f.shtml
hth,
Rob
To specify exactly which SVC versions users are provided with, one can use:
webvpn
svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.3.0254-k9.pkg 2
svc image disk0:/anyconnect-macosx-powerpc-2.3.0254-k9.pkg 3
svc image disk0:/anyconnect-linux-2.3.0254-k9.pkg 4
svc image disk0:/anyconnect-wince-ARMv4I-2.3.0254-k9.pkg 5
Anthony, could you please consult me on anyconnect client. I have downloaded it from cisco and installed on my laptop. After I have started it i’ve got window with “connect to” option without credential fields. How can I get them?
Best regards,
Sergey
Dear Sir, pla give me ur up dats about VPN.
Regards,
Rony J
Could you help about the followings:
I have a working annyconnect system, I have three different group policies.
There are a few “userS” who could connect two (or three) one. I like to make a “default” group policy on the client list, therefore they could use the most secure for default.
Regards,
Attila Peter