Cisco ASA AnyConnect SSL VPN

As promised, here is the summarised walkthrough for setting up AnyConnect SSL VPN on an ASA with a quick copy/paste. Again, it's a convenient note to myself that saves me having to trawl around finding Cisco's documentation. That said, the documentation for this particular config is exceptionally good, and this is shamelessly ripped from this Configuration Guide, simply using the important assumptions from the last RA VPN post I created.

Extra Assumptions from the last post:

  • You're using the latest (as of writing) AnyConnect SVC images, 2.3.0254
  • Your edge device is called firewall and your internet domain name is 😉 – seriously though, the certificate FQDN you use in the config here should resolve to the firewall's interface IP that you're expecting to connect to, or you'll have to click through all the browser warnings about the certificate being invalid.

! RSA key pair and self-signed trustpoint, bound to SSL on the outside interface
crypto key generate rsa label sslvpnkeypair
crypto ca trustpoint localtrust
 enrollment self
 keypair sslvpnkeypair
crypto ca enroll localtrust noconfirm
ssl trust-point localtrust outside
! AnyConnect client images and SSL VPN on the outside interface (webvpn mode)
webvpn
 svc image disk0:/anyconnect-win-2.3.0254-k9.pkg 1
 svc image disk0:/anyconnect-linux-2.3.0254-k9.pkg 2
 enable outside
 svc enable
! address pool and group policy handed to the SSL clients
ip local pool SSLClientPool mask
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
 dns-server value
 vpn-tunnel-protocol svc
 default-domain value internaldomain.local
 address-pools value SSLClientPool
! let decrypted VPN traffic bypass the interface ACLs
sysopt connection permit-vpn
! tunnel group (connection profile) and its alias on the login page
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
 default-group-policy SSLCLientPolicy
tunnel-group SSLClientProfile webvpn-attributes
 group-alias SSLVPNClient enable
webvpn
 tunnel-group-list enable
access-list nonat_inside extended permit ip any
! local test user (substitute your own password)
username localvpnuser password 12345678 privilege 0
username localvpnuser attributes
 service-type remote-access
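
A check to run over the paste-ready config before it goes on the box, covering the certificate FQDN point from the assumptions and the local user line. This is an added example, not part of the original post or Cisco's guide; `vpn.example.com`, the function names and the 12-character minimum are assumptions.

```python
import re

# Constructed sample: trustpoint, SSL binding and local user as in the config above.
SAMPLE_CONFIG = """\
crypto ca trustpoint localtrust
 enrollment self
 keypair sslvpnkeypair
ssl trust-point localtrust outside
username localvpnuser password 12345678 privilege 0
"""
SUBCOMMANDS = ("enrollment ", "keypair ", "fqdn ", "subject-name ")

def parse_trustpoints(config):
    """Map each trustpoint name to its sub-commands (indentation is optional)."""
    trustpoints, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"crypto ca trustpoint (\S+)$", line)
        if m:
            current = trustpoints.setdefault(m.group(1), [])
        elif current is not None and line.startswith(SUBCOMMANDS):
            current.append(line)
        else:
            current = None
    return trustpoints

def audit(config, vpn_fqdn, min_password_len=12):
    """Return findings for the SSL certificate binding and local-user passwords."""
    findings = []
    trustpoints = parse_trustpoints(config)
    for m in re.finditer(r"^\s*ssl trust-point (\S+) (\S+)\s*$", config, re.M):
        name, iface = m.groups()
        cmds = trustpoints.get(name)
        if cmds is None:
            findings.append(f"{iface}: trustpoint {name} is not defined")
            continue
        if "enrollment self" in cmds:
            findings.append(f"{iface}: {name} is self-signed, untrusted until imported")
        fqdns = [c.split(None, 1)[1].lower() for c in cmds if c.startswith("fqdn ")]
        if vpn_fqdn.lower() not in fqdns:
            findings.append(f"{iface}: {name} has no 'fqdn {vpn_fqdn}' line")
    for m in re.finditer(r"^\s*username (\S+) password (\S+)(.*)$", config, re.M):
        user, password, rest = m.groups()
        if "encrypted" in rest:
            continue  # already hashed in a saved config, length says nothing
        if len(password) < min_password_len or password.isdigit():
            findings.append(f"user {user}: password is short or digits only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, "vpn.example.com")))
```

Run against the sample it reports the self-signed trustpoint, the missing `fqdn` line and the eight-digit password.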

Hope this helps!
