    05 January 09

    Cisco AnyConnect VPN 2.3 Installations

    Posted by INE

    There are two phases of installation to consider: loading the AnyConnect VPN client files on the Adaptive Security Appliance (ASA) for automated download and installation to client systems, and the actual installation on the remote PCs themselves. This document provides an overview of both phases.

    The files needed for installation are located at http://www.cisco.com/pcgi-bin/tablebuild.pl/anyconnect.

    Loading the AnyConnect VPN Software on the ASA

    Use the copy command to copy the image file to the flash of your ASA. Then use the svc image command from webvpn configuration mode to identify the file as the client package file. You can install many different packages for different operating systems and use the svc image command to order them from most popular (lowest number) to least popular (highest number).

    Enabling AnyConnect SSL VPN Connections on the ASA

    Here is a sample configuration that enables AnyConnect VPN client connections on the ASA:

    ASA1(config)# webvpn
    ASA1(config-webvpn)# enable outside
    ASA1(config-webvpn)# svc enable
    ASA1(config)# ip local pool ACVPN 192.168.1.225-192.168.1.250 mask 255.255.255.0
    ASA1(config)# tunnel-group REMOTEVPN general-attributes
    ASA1(config-tunnel-general)# address-pool ACVPN
    ASA1(config-tunnel-general)# default-group-policy SAMPLEDEFAULT
    ASA1(config)# tunnel-group REMOTEVPN webvpn-attributes
    ASA1(config-tunnel-webvpn)# group-alias DEFAULT_ALIAS enable
    ASA1(config)# webvpn
    ASA1(config-webvpn)# tunnel-group-list enable
    ASA1(config)# group-policy SAMPLEDEFAULT attributes
    ASA1(config-group-policy)# webvpn
    ASA1(config-group-webvpn)# vpn-tunnel-protocol svc
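
An added example, not part of the original post and not Cisco tooling: a Python check that the names in the sample configuration above resolve to each other (address pool defined and inside its mask, group policy allowing `svc`, WebVPN and `svc` enabled). The function name `audit` and the finding strings are this example's own, and inheritance from the default group policy is not modeled.

```python
import ipaddress
import re
# Constructed input: the sample session from this post, prompts included.
SAMPLE = """\
ASA1(config)# webvpn
ASA1(config-webvpn)# enable outside
ASA1(config-webvpn)# svc enable
ASA1(config)# ip local pool ACVPN 192.168.1.225-192.168.1.250 mask 255.255.255.0
ASA1(config)# tunnel-group REMOTEVPN general-attributes
ASA1(config-tunnel-general)# address-pool ACVPN
ASA1(config-tunnel-general)# default-group-policy SAMPLEDEFAULT
ASA1(config)# tunnel-group REMOTEVPN webvpn-attributes
ASA1(config-tunnel-webvpn)# group-alias DEFAULT_ALIAS enable
ASA1(config)# webvpn
ASA1(config-webvpn)# tunnel-group-list enable
ASA1(config)# group-policy SAMPLEDEFAULT attributes
ASA1(config-group-policy)# webvpn
ASA1(config-group-webvpn)# vpn-tunnel-protocol svc
"""

def audit(session):
    """Return a list of findings; an empty list means the cross-references hold."""
    pools, protocols, refs, seen, owner = {}, {}, [], set(), None
    for line in session.splitlines():
        m = re.match(r"\S+\((config[\w-]*)\)#\s*(\S.*)", line.strip())
        if not m:
            continue
        mode, w = m.group(1), m.group(2).split()
        if mode == "config":  # global command: note which named object it opens
            owner = w[1] if w[0] in ("tunnel-group", "group-policy") and len(w) > 1 else None
            if w[:3] == ["ip", "local", "pool"] and len(w) > 4:
                pools[w[3]] = (w[4], w[6] if len(w) > 6 else None)
        elif mode == "config-webvpn":
            seen.add("svc" if w == ["svc", "enable"] else w[0])
        elif w[0] in ("address-pool", "default-group-policy") and len(w) > 1:
            refs.append((owner, w[0], w[1]))
        elif w[0] == "vpn-tunnel-protocol":
            protocols.setdefault(owner, set()).update(w[1:])
    findings = [f"webvpn: '{c}' missing" for c in ("enable", "svc") if c not in seen]
    for name, (rng, mask) in pools.items():
        lo, hi = (ipaddress.ip_address(a) for a in (rng.split("-")[0], rng.split("-")[-1]))
        if lo > hi or (mask and hi not in ipaddress.ip_network(f"{lo}/{mask}", strict=False)):
            findings.append(f"pool {name}: range {rng} is reversed or crosses its mask")
    for owner, kind, name in refs:  # checked last: definitions may follow their use
        if kind == "address-pool" and name not in pools:
            findings.append(f"tunnel-group {owner}: address-pool {name} is not defined")
        if kind == "default-group-policy" and "svc" not in protocols.get(name, ()):
            findings.append(f"tunnel-group {owner}: group-policy {name} does not allow svc")
    return findings
```
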

    Automating the Installation for Remote PCs

    Be sure to follow these recommendations:

    • If using a Certificate Authority (CA) for certificates on the ASA, configure the certificate as a trusted CA on client machines
    • If using a self-signed certificate on the ASA, install it as a trusted root certificate on client machines
    • Ensure the Common Name (CN) in the ASA certificates matches the name clients use to connect
    • If you are using Cisco Security Agent (CSA), warnings will most likely display to end users during install
    • For Microsoft Internet Explorer installations, add the ASA to the list of trusted sites; this may be automated using Active Directory

    For more information on the AnyConnect VPN Client, here are Google searches to use:

    site:cisco.com AnyConnect Release Notes

    site:cisco.com AnyConnect Administration Guide

    site:cisco.com Security Appliance Configuration Guide AnyConnect
