CISCO Anyconnect ACCESS: Unterschied zwischen den Versionen

Aus Xinux Wiki
Zur Navigation springen Zur Suche springen
 
(2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt)
Zeile 46: Zeile 46:
 
*ciscoasa(config)#  group-policy sales attributes  
 
*ciscoasa(config)#  group-policy sales attributes  
 
*ciscoasa(config-group-policy)# vpn-tunnel-protocol ikev1
 
*ciscoasa(config-group-policy)# vpn-tunnel-protocol ikev1
 +
 +
=Anyconnect von der ASDM=
 +
<pre>
 +
ip local pool xinux-address-pool 192.168.68.11-192.168.68.20 mask 255.255.255.0
 +
 +
object network NETWORK_OBJ_192.168.68.0_27
 +
subnet 192.168.68.0 255.255.255.224
 +
nat (if-inside,if-outside) source static any any destination static NETWORK_OBJ_192.168.68.0_27 NETWORK_OBJ_192.168.68.0_27 no-proxy-arp route-lookup
 +
webvpn       
 +
enable if-outside
 +
anyconnect image disk0:/anyconnect-win-2.3.2016-k9.pkg 1
 +
anyconnect image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 +
anyconnect image disk0:/anyconnect-linux-2.3.2016-k9.pkg 3
 +
anyconnect enable
 +
tunnel-group-list enable
 +
group-policy GroupPolicy_xinux-anyconnect-profile internal
 +
group-policy GroupPolicy_xinux-anyconnect-profile attributes
 +
wins-server none
 +
dns-server value 192.168.240.200
 +
vpn-tunnel-protocol ssl-client
 +
default-domain value xinux.org
 +
username david password 0Br2FOp1w3TflBlH encrypted
 +
username admin password 06booZwyTnK6xj53 encrypted privilege 15
 +
username thomas password LVVNDGiRI9EzFf1b encrypted
 +
tunnel-group xinux-anyconnect-profile type remote-access
 +
tunnel-group xinux-anyconnect-profile general-attributes
 +
address-pool xinux-address-pool
 +
default-group-policy GroupPolicy_xinux-anyconnect-profile
 +
tunnel-group xinux-anyconnect-profile webvpn-attributes
 +
group-alias xinux-anyconnect-profile enable
 +
 +
 +
</pre>
  
 
=Links=
 
=Links=
 
*http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html
 
*http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html
 +
*http://www.cisco.com/c/en/us/support/docs/security/adaptive-security-device-manager/118842-technote-asdm-00.html

Aktuelle Version vom 16. Februar 2016, 17:21 Uhr

Anyconnect images bereitstellen

Identifzieren

  • ciscoasa# dir any*
Directory of disk0:/any*

109    -rwx  2672571      12:58:22 Feb 16 2016  anyconnect-win-2.3.2016-k9.pkg
112    -rwx  4293149      12:59:07 Feb 16 2016  anyconnect-linux-2.3.2016-k9.pkg
113    -rwx  4246430      13:05:44 Feb 16 2016  anyconnect-macosx-i386-2.3.2016-k9.pkg

127111168 bytes total (6127616 bytes free)

Zuordnen

  • ciscoasa# configure terminal
  • ciscoasa(config)# webvpn
  • ciscoasa(config-webvpn)# anyconnect image anyconnect-win-2.3.2016-k9.pkg 1
  • ciscoasa(config-webvpn)# anyconnect image anyconnect-macosx-i386-2.3.2016-k9.pkg 2
  • ciscoasa(config-webvpn)# anyconnect image anyconnect-linux-2.3.2016-k9.pkg 3

Interface aktivieren

  • ciscoasa(config-webvpn)# enable if-outside
INFO: WebVPN and DTLS are enabled on 'if-outside'.

Anyconnect aktivieren

  • ciscoasa(config-webvpn)# anyconnect enable
  • ciscoasa(config-webvpn)# exit

IP Pool anlegen

  • ciscoasa(config)# ip local pool anyconnect-pool 172.29.29.11-172.29.29.20 mask 255.255.255.0

Tunnelgruppe bestimmen

  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group type remote-access
  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group general-attributes
  • ciscoasa(config-tunnel-general)# address-pool anyconnect-pool

keine ahnung wozu?

  • ciscoasa(config)# group-policy sales internal
  • hostname(config)# group-policy sales attributes
  • hostname(config-group-policy)# webvpn
  • hostname(config-group-policy)# anyconnect keep-installer installed

Assigns a default group policy to the tunnel group.

  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group general-attributes
  • ciscoasa(config-tunnel-general)# default-group-policy sales

Enables the display of the tunnel-group

  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group webvpn-attributes
  • ciscoasa(config-tunnel-webvpn)# group-alias sales_department enable

Specifies the AnyConnect client as a permitted VPN tunneling protocol for the group or user

  • ciscoasa(config)# webvpn
  • ciscoasa(config-webvpn)# tunnel-group-list enable

vpn-tunnel-protocol

  • ciscoasa(config)# group-policy sales attributes
  • ciscoasa(config-group-policy)# vpn-tunnel-protocol ikev1

Anyconnect von der ASDM

ip local pool xinux-address-pool 192.168.68.11-192.168.68.20 mask 255.255.255.0

object network NETWORK_OBJ_192.168.68.0_27
 subnet 192.168.68.0 255.255.255.224
nat (if-inside,if-outside) source static any any destination static NETWORK_OBJ_192.168.68.0_27 NETWORK_OBJ_192.168.68.0_27 no-proxy-arp route-lookup
webvpn        
 enable if-outside
 anyconnect image disk0:/anyconnect-win-2.3.2016-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-2.3.2016-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_xinux-anyconnect-profile internal
group-policy GroupPolicy_xinux-anyconnect-profile attributes
 wins-server none
 dns-server value 192.168.240.200
 vpn-tunnel-protocol ssl-client 
 default-domain value xinux.org
username david password 0Br2FOp1w3TflBlH encrypted
username admin password 06booZwyTnK6xj53 encrypted privilege 15
username thomas password LVVNDGiRI9EzFf1b encrypted
tunnel-group xinux-anyconnect-profile type remote-access
tunnel-group xinux-anyconnect-profile general-attributes
 address-pool xinux-address-pool
 default-group-policy GroupPolicy_xinux-anyconnect-profile
tunnel-group xinux-anyconnect-profile webvpn-attributes
 group-alias xinux-anyconnect-profile enable

Links

Abgerufen von „http://wiki.ixheim.de/index.php?title=CISCO_Anyconnect_ACCESS&oldid=8454