Anyconnect images bereitstellen

Identifzieren

• ciscoasa# dir any*

Directory of disk0:/any*

109    -rwx  2672571      12:58:22 Feb 16 2016  anyconnect-win-2.3.2016-k9.pkg
112    -rwx  4293149      12:59:07 Feb 16 2016  anyconnect-linux-2.3.2016-k9.pkg
113    -rwx  4246430      13:05:44 Feb 16 2016  anyconnect-macosx-i386-2.3.2016-k9.pkg

127111168 bytes total (6127616 bytes free)

Zuordnen

• ciscoasa# configure terminal
• ciscoasa(config)# webvpn
• ciscoasa(config-webvpn)# anyconnect image anyconnect-win-2.3.2016-k9.pkg 1
• ciscoasa(config-webvpn)# anyconnect image anyconnect-macosx-i386-2.3.2016-k9.pkg 2
• ciscoasa(config-webvpn)# anyconnect image anyconnect-linux-2.3.2016-k9.pkg 3

Interface aktivieren

• ciscoasa(config-webvpn)# enable if-outside

INFO: WebVPN and DTLS are enabled on 'if-outside'.

Anyconnect aktivieren

• ciscoasa(config-webvpn)# anyconnect enable
• ciscoasa(config-webvpn)# exit

IP Pool anlegen

• ciscoasa(config)# ip local pool anyconnect-pool 172.29.29.11-172.29.29.20 mask 255.255.255.0

Tunnelgruppe bestimmen

• ciscoasa(config)# tunnel-group anyconnect-tunnel-group type remote-access
• ciscoasa(config)# tunnel-group anyconnect-tunnel-group general-attributes
• ciscoasa(config-tunnel-general)# address-pool anyconnect-pool

keine ahnung wozu?

• ciscoasa(config)# group-policy sales internal
• hostname(config)# group-policy sales attributes
• hostname(config-group-policy)# webvpn
• hostname(config-group-policy)# anyconnect keep-installer installed

Assigns a default group policy to the tunnel group.

• ciscoasa(config)# tunnel-group anyconnect-tunnel-group general-attributes
• ciscoasa(config-tunnel-general)# default-group-policy sales

Enables the display of the tunnel-group

• ciscoasa(config)# tunnel-group anyconnect-tunnel-group webvpn-attributes
• ciscoasa(config-tunnel-webvpn)# group-alias sales_department enable

Links

• http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_anyconnect.html