CISCO Anyconnect ACCESS

Aus Xinux Wiki
Version vom 16. Februar 2016, 17:21 Uhr von Thomas (Diskussion | Beiträge) (→‎Links)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

Anyconnect images bereitstellen

Identifzieren

  • ciscoasa# dir any*
Directory of disk0:/any*

109    -rwx  2672571      12:58:22 Feb 16 2016  anyconnect-win-2.3.2016-k9.pkg
112    -rwx  4293149      12:59:07 Feb 16 2016  anyconnect-linux-2.3.2016-k9.pkg
113    -rwx  4246430      13:05:44 Feb 16 2016  anyconnect-macosx-i386-2.3.2016-k9.pkg

127111168 bytes total (6127616 bytes free)

Zuordnen

  • ciscoasa# configure terminal
  • ciscoasa(config)# webvpn
  • ciscoasa(config-webvpn)# anyconnect image anyconnect-win-2.3.2016-k9.pkg 1
  • ciscoasa(config-webvpn)# anyconnect image anyconnect-macosx-i386-2.3.2016-k9.pkg 2
  • ciscoasa(config-webvpn)# anyconnect image anyconnect-linux-2.3.2016-k9.pkg 3

Interface aktivieren

  • ciscoasa(config-webvpn)# enable if-outside
INFO: WebVPN and DTLS are enabled on 'if-outside'.

Anyconnect aktivieren

  • ciscoasa(config-webvpn)# anyconnect enable
  • ciscoasa(config-webvpn)# exit

IP Pool anlegen

  • ciscoasa(config)# ip local pool anyconnect-pool 172.29.29.11-172.29.29.20 mask 255.255.255.0

Tunnelgruppe bestimmen

  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group type remote-access
  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group general-attributes
  • ciscoasa(config-tunnel-general)# address-pool anyconnect-pool

keine ahnung wozu?

  • ciscoasa(config)# group-policy sales internal
  • hostname(config)# group-policy sales attributes
  • hostname(config-group-policy)# webvpn
  • hostname(config-group-policy)# anyconnect keep-installer installed

Assigns a default group policy to the tunnel group.

  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group general-attributes
  • ciscoasa(config-tunnel-general)# default-group-policy sales

Enables the display of the tunnel-group

  • ciscoasa(config)# tunnel-group anyconnect-tunnel-group webvpn-attributes
  • ciscoasa(config-tunnel-webvpn)# group-alias sales_department enable

Specifies the AnyConnect client as a permitted VPN tunneling protocol for the group or user

  • ciscoasa(config)# webvpn
  • ciscoasa(config-webvpn)# tunnel-group-list enable

vpn-tunnel-protocol

  • ciscoasa(config)# group-policy sales attributes
  • ciscoasa(config-group-policy)# vpn-tunnel-protocol ikev1

Anyconnect von der ASDM

ip local pool xinux-address-pool 192.168.68.11-192.168.68.20 mask 255.255.255.0

object network NETWORK_OBJ_192.168.68.0_27
 subnet 192.168.68.0 255.255.255.224
nat (if-inside,if-outside) source static any any destination static NETWORK_OBJ_192.168.68.0_27 NETWORK_OBJ_192.168.68.0_27 no-proxy-arp route-lookup
webvpn        
 enable if-outside
 anyconnect image disk0:/anyconnect-win-2.3.2016-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-2.3.2016-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux-2.3.2016-k9.pkg 3
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_xinux-anyconnect-profile internal
group-policy GroupPolicy_xinux-anyconnect-profile attributes
 wins-server none
 dns-server value 192.168.240.200
 vpn-tunnel-protocol ssl-client 
 default-domain value xinux.org
username david password 0Br2FOp1w3TflBlH encrypted
username admin password 06booZwyTnK6xj53 encrypted privilege 15
username thomas password LVVNDGiRI9EzFf1b encrypted
tunnel-group xinux-anyconnect-profile type remote-access
tunnel-group xinux-anyconnect-profile general-attributes
 address-pool xinux-address-pool
 default-group-policy GroupPolicy_xinux-anyconnect-profile
tunnel-group xinux-anyconnect-profile webvpn-attributes
 group-alias xinux-anyconnect-profile enable

Links

Abgerufen von „http://wiki.ixheim.de/index.php?title=CISCO_Anyconnect_ACCESS&oldid=8454