! Create usernames that will use the AnyConnect remote access only
ASA(config)# username userA password test123
! Enter the user's attributes mode before setting the service type
ASA(config)# username userA attributes
ASA(config-username)# service-type remote-access
ASA(config)# username userB password test12345
nat (inside,outside) source static INSIDE-HOSTS INSIDE-HOSTS destination static VPN-HOSTS VPN-HOSTS
! Configure NAT exemption for traffic between internal LAN and remote users
ASA(config)# access-list NONAT extended permit ip 192.168.5.0 255.255.255.0 192.168.100.0 255.255.255.0
ASA(config)# nat (inside) 0 access-list NONAT
! Enable AnyConnect access on the outside ASA interface
! Specify the AnyConnect image to be downloaded by users
ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-k9.pkg 1
Writing file disk0:/anyconnect-win-k9.pkg…
You will need to download the appropriate software version according to the Operating System that your users have on their computers.
Assume the software VPN client file is “anyconnect-win-k9.pkg”.
Address or name of remote host ? 192.168.5.10
Destination filename ?
The first step is to obtain the AnyConnect client software from the Cisco Software Download Website.
Therefore, after the remote user successfully authenticates on Cisco ASA with the AnyConnect client, he will receive an IP address in the range 192.168.100.1 to 50 and he will be able to access resources in the internal LAN network 192.168.5.0/24.
The internal ASA network will use subnet range 192.168.5.0/24.
The remote users, after successful authentication, will receive an IP address from local ASA pool 192.168.100.1-50.
The same configuration applies for newer versions of AnyConnect.
I assume that we use the AnyConnect client version 2.0, which will be stored on ASA flash and uploaded to the remote user on demand.
In this post I will explain the technical details to configure AnyConnect SSL VPN on Cisco ASA 5500.
You also have the option to uninstall the client from the remote user when he/she disconnects from the ASA.
EDIT: My new ebook, “Cisco VPN Configuration Guide – By Harris Andrea” provides a comprehensive technical tutorial about all types of VPNs that you can configure on Cisco Routers and ASA Firewalls (including of course SSL AnyConnect or IPSEC Remote Access VPNs).
The client can either be preinstalled on the remote user’s PC or it can be loaded to ASA flash and uploaded to the remote user’s PC when they connect to the ASA. The AnyConnect client software supports Windows Vista, XP, 2000, Mac OS X and Linux.
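
A check a reviewer might run against the resulting configuration, as an added example that is not from the original post: it confirms that the NONAT entry covers traffic from the inside LAN to the whole VPN pool, and lists users that are not restricted to remote access. The function names and the sample config (including its `username userA attributes` line) are constructed for illustration, and only ACL entries in `network mask` form are parsed.

```python
import ipaddress
import re

# Constructed sample config, assembled from the commands and addresses on this page.
SAMPLE_CONFIG = """\
username userA password test123
username userA attributes
 service-type remote-access
username userB password test12345
access-list NONAT extended permit ip 192.168.5.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""

def nonat_pairs(config, acl_name):
    """Return (source_net, dest_net) pairs permitted by the named extended ACL."""
    pat = re.compile(
        rf"^access-list {re.escape(acl_name)} extended permit ip "
        r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)\s*$", re.M)
    return [(ipaddress.ip_network(f"{s}/{sm}", strict=False),
             ipaddress.ip_network(f"{d}/{dm}", strict=False))
            for s, sm, d, dm in pat.findall(config)]

def pool_exempt(config, acl_name, inside_net, pool_first, pool_last):
    """True if one ACL entry covers inside_net -> the entire address pool."""
    inside = ipaddress.ip_network(inside_net)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    return any(inside.subnet_of(src) and first in dst and last in dst
               for src, dst in nonat_pairs(config, acl_name))

def users_not_remote_access_only(config):
    """Usernames with a password line but no 'service-type remote-access'."""
    users = re.findall(r"^username (\S+) password ", config, re.M)
    restricted = set(re.findall(
        r"^username (\S+) attributes\n(?: .*\n)*? service-type remote-access$",
        config, re.M))
    return [u for u in users if u not in restricted]

if __name__ == "__main__":
    print("pool exempt from NAT:",
          pool_exempt(SAMPLE_CONFIG, "NONAT", "192.168.5.0/24",
                      "192.168.100.1", "192.168.100.50"))
    print("not remote-access only:", users_not_remote_access_only(SAMPLE_CONFIG))
```

A pool that extends outside the ACL's destination network fails the first check, which is the usual cause of connected clients being unable to reach the internal LAN.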