Menu

Poland

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

Sweden

Drottninggatan 86
111 36 Stockholm
+46 762 041 514
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

  • en
  • pl
  • se

    • Cisco ASA: Cisco Anyconnect configuration

    Home Knowledge BaseDesign & ConfigureCisco ASA: Cisco Anyconnect configuration

    Design & Configure

    Cisco ASA: Cisco Anyconnect configuration

    Technology: FIREWALLS

    Area: VPN

    Vendor: CISCO

    Software: CISCO ADAPTIVE SECURITY APPLIANCE (ASA) , ASA-OS

    Platform: CISCO ASA 5500, 5500-X

     

     

    Ready to migrate from ASA to a supported firewall solution

    Cisco Anyconnect Secure Mobility Client is a software user-friendly application which creates a VPN tunnel with a VPN head end. Anyconnet by default uses SSL protocol to encrypt packets (can use also ikev2 / IPSec protocols).

     

    1. Cisco anyconnect image definition:

    webvpn
    enable outside
    anyconnect-essentials
    anyconnect image disk0:/anyconnect-win-4.1.02011-k9.pkg 1
    anyconnect image disk0:/anyconnect-macosx-i386-4.1.02011-k9.pkg 2
    anyconnect enable
    tunnel-group-list enable

     

    2. Local pool for IP addressing of anyconnect clients

    ip local pool ACPOOL 172.19.0.1-172.19.0.254 mask 255.255.255.0

     

    3. Nat exemption for excluding VPN traffic:

    nat (inside,outside) source static DC DC destination static AC AC

     

    4. Group policy definition for use in tunnel-group:

    group-policy admin internal
    group-policy admin attributes
    banner value Welcome!
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value ACSPLIT
    default-domain value grandmetric.cloud
    split-tunnel-all-dns disable
    address-pools value ACPOOL
    webvpn
    anyconnect ask enable

     

    5. Tunnel Group definition:


    tunnel-group admin type remote-access
    tunnel-group admin general-attributes
    default-group-policy admin
    tunnel-group admin webvpn-attributes
    group-alias admin enable

     

    For quick troubleshooting:

    GPD-FW-01# show vpn-sessiondb anyconnect
    Session Type: AnyConnect
    Username : admin Index : 6
    Assigned IP : 172.19.0.1 Public IP : 83.20.185.7
    Protocol : AnyConnect-Parent SSL-Tunnel
    License : AnyConnect Essentials
    Encryption : AnyConnect-Parent: (1)none SSL-Tunnel: (1)AES128
    Hashing : AnyConnect-Parent: (1)none SSL-Tunnel: (1)SHA1
    Bytes Tx : 12570 Bytes Rx : 882
    Group Policy : admin Tunnel Group : admin
    Login Time : 15:19:55 PL Tue Aug 2 2016
    Duration : 0h:00m:07s
    Inactivity : 0h:00m:00s
    VLAN Mapping : N/A VLAN : none
    Audt Sess ID : c0a801010000600057a09dfb
    Security Grp : none
    GPD-FW-01#

    Author: Marcin Bialy
     

    Cisco Firepower up to 60% discount

    Place an order and get discounted Cisco FirePOWER or schedule
    a call with Grandmetric Engineer

    Get Quote
    Tags
    active standby Adaptive Security Appliance authentication authorization broadcast Cisco Cisco ASA Firepower cisco EIGRP Cisco FMC Cisco FMC - installing certificate for pxGRID cisco ise cisco ise deployment config configuration containers devops docker dockerfile eigrp Enhanced Interior Gateway Routing Protocol firewall high availability How to install FMC Cisco identity services engine interface ise deployment ise distributed deployment ospf radius router routing security context virtual firewall VLAN
    Grandmetric