![]() corpasa(config)#ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0 corpasa(config)#group-policy SSLCLient internal corpasa(config)#group-policy SSLCLient attributes corpasa(config-group-policy)#dns-server value 192.168.200.5 corpasa(config-group-policy)#vpn-tunnel-protocol svc corpasa(config-group-policy)#default-domain value corpasa(config-group-policy)#address-pools value SSLClientPool Step 5. The remote access clients will need to be assigned an IP address during login, so we'll also set up a DHCP pool for them, but you could also use a DHCP server if you have one. In this case, we'll create a group policy named SSLClient. ![]() Group Policies are used to specify the parameters that are applied to clients when they connect. Enable An圜onnect VPN Access corpasa(config)# webvpn corpasa(config-webvpn)# enable outside corpasa(config-webvpn)# svc enable Step 4. corpasa(config)# webvpn corpasa(config-webvpn)# svc image disk0:/anyconnect-win-k9.pkg 1 Step 3. In this case, we're using only one client and giving it a priority of 1. Note that if you have more than one client, configure the most commonly used client to have the highest priority. corpasa(config)#copy t flashĪfter the file has been uploaded to the ASA, configure this file to be used for webvpn sessions. After you select and download your client software, you can tftp it to your ASA. As you choose which image to download to your tftp server, remember that you will need a separate image for each OS that your users have. Upload the SSL VPN Client Image to the ASA corpasa(config-ca-trustpoint)#subject-name CN= corpasa(config-ca-trustpoint)#keypair sslvpnkey corpasa(config-ca-trustpoint)#crypto ca enroll localtrust noconfirm corpasa(config)# ssl trust-point localtrust outside Step 2. corpasa(config)#crypto key generate rsa label sslvpnkey corpasa(config)#crypto ca trustpoint localtrust corpasa(config-ca-trustpoint)#enrollment self corpasa(config-ca-trustpoint)#fqdn sslvpn. You can purchase a certificate through a vendor such as Verisign, if you choose. Here I am creating a general purpose, self-signed, identity certificate named sslvpnkey and applying that certificate to the "outside" interface. Create a Connection Profile and Tunnel Group There are eight basic steps in setting up remote access for users with the Cisco ASA.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |