
Cisco ASA - AnyConnect VPN

Enable webvpn

! Enables the AnyConnect SSL VPN service on the interface named "outside", so the
! login portal is reachable from the untrusted side.
! The client packages are pinned to 4.0.00061; substitute the currently supported
! AnyConnect release for each platform before deploying.
! "tunnel-group-list enable" shows the group-alias drop-down on the login page,
! which also discloses the configured alias names to unauthenticated visitors.
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.0.00061-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-4.0.00061-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-64-4.0.00061-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
 cache
  disable
 error-recovery disable
! Address pool handed out to VPN clients (172.28.38.10 - 172.28.38.250).
ip local pool webvpn-ippool 172.28.38.10-172.28.38.250 mask 255.255.255.0
! Network objects for the VPN pool subnet and the internal LAN; both are used by
! the NAT rule below.
object network anyconnect_subnet
 subnet 172.28.38.0 255.255.255.0
 
object network internal_subnet
 subnet 172.28.37.0 255.255.255.0
! Identity NAT (NAT exemption): traffic between internal_subnet and the VPN pool
! is left untranslated.
! NOTE(review): the source interface is "any"; naming the actual inside interface
! would narrow the rule - confirm against the device's interface layout.
nat (any,outside) source static internal_subnet internal_subnet destination static anyconnect_subnet anyconnect_subnet
! Group policy: clients receive an address from webvpn-ippool and may only use the
! SSL client (AnyConnect) protocol.
! "split-tunnel-policy tunnelspecified" relies on a split-tunnel-network-list to
! define which networks are tunnelled; on this page that list is only set in the
! "SplitACL (optional)" section. With split tunnelling, all other client traffic
! bypasses the ASA and therefore its filtering and logging.
group-policy SSLAccess internal
group-policy SSLAccess attributes
 address-pools value webvpn-ippool
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 
! Remote-access connection profile bound to the SSLAccess group policy; users see
! it as "VPN" in the login drop-down. The webvpn-attributes line is a global
! command despite its indentation.
tunnel-group SSLAccess type remote-access
tunnel-group SSLAccess general-attributes
 default-group-policy SSLAccess
 tunnel-group SSLAccess webvpn-attributes
 group-alias VPN
! Local VPN account. Replace the account name and the password value shown here
! with your own; a value published on a web page must never be reused on a device.
! The "mschap" keyword stores the password as a unicode MD4 (NT) hash, which is
! weak - use it only if MS-CHAP authentication is actually required.
! "privilege 0" gives the account the lowest CLI privilege level.
! Hardening to consider: "service-type remote-access" under the username
! attributes so the account cannot be used for device management, and
! AAA/MFA-backed authentication instead of local passwords.
username username password hhcZmvOYAh1el mschap privilege 0
username username attributes
 vpn-group-policy SSLAccess

SplitACL (optional)

! Pushes third-party public resolvers (8.8.8.8 / 8.8.4.4) to VPN clients.
! Internal host names will not resolve through them; prefer internal resolvers
! where they exist.
! Split-ACL lists the destination networks that clients send through the tunnel.
! NOTE(review): it permits 172.28.38.0/24, which is the VPN client pool itself;
! the internal LAN defined earlier on this page is 172.28.37.0/24, so this looks
! like a typo - confirm which network clients are meant to reach.
! NOTE(review): the ACL is referenced one line before it is defined; the reference
! may be rejected when pasted in this order - verify, or enter the access-list first.
group-policy SSLAccess attributes
 dns-server value 8.8.8.8 8.8.4.4
 split-tunnel-network-list value Split-ACL
access-list Split-ACL standard permit 172.28.38.0 255.255.255.0