Network

How to configure AnyConnect SSL VPN Client Connections

The Cisco AnyConnect Secure Mobility Client provides secure SSL and IPsec/IKEv2 connections to the ASA for remote users. Without a previously installed client, remote users enter the IP address in their browser of an interface configured to accept SSL or IPsec/IKEv2 VPN connections. To accomplish this, follow the steps below.

Step 1: First define the local ip pool

TestASA(config)# ip local pool VPN_testUsers 192.168.xxx.45-192.168.xxx.60 mask 255.255.xxx.0
TestASA# show disk0: | in pkg
8x.97.xxx.143/26

Step 2: Configuring a Network object

Note: the "!" are just comments, dont include them
TestASA(config)# !creating a network object via the command line
TestASA(config)# object network Chris_ACl
TestASA(config-network-object)#
TestASA(config-network-object)# !now define the type of network object it is that you want to create
TestASA(config-network-object)#
TestASA(config-network-object)# subnet 192.168.xxx.0 255.255.xxx.0
TestASA(config-network-object)#

Step 3: Enabling HTTP Server

TestASA(config-if)# http server enable
TestASA(config)# http http 192.168.xxx.0 255.255.xxx.0 inside

Step 4: Enabling telnet via the console

TestASA(config)# telnet 192.168.xxx.0 255.255.xxx.0 inside
TestASA(config)#
TestASA(config)# !note, telnet cannot be performed from an outside network
TestASA(config)# !and that we can connect from the network specified
TestASA(config)# !and we are connecting from inside
TestASA(config)#
TestASA(config)# passwd cisco
TestASA(config)# telnet timeout 1000
TestASA(config)# !here we specified the password and also the telnet timeout of 1000s

Step 5: Enabling SSH (secure shell) via the console

TestASA(config)# !you have to generate the RSA key
TestASA(config)# Crypto key generate rsa modulus 1024
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.

Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...
TestASA(config)#
TestASA(config)# ssh 192.168.xxx.0 255.255.xxx.0 inside
TestASA(config)# !Note: you can specify a single host (node) as well as it regards to your setup
TestASA(config)#
TestASA(config)# !note, telnet cannot be performed from an outside network
TestASA(config)# !and that we can connect from the network specified
TestASA(config)# !and we are connecting from inside
TestASA(config)#
TestASA(config)# passwd cisco
TestASA(config)# ssh timeout 10
TestASA(config)# !here we specified the password and also the SSH timeout of 10s
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x