ASA: SSLVPN config
Written by Alexei Spirin   
Monday, 18 June 2012 16:35
ASA Config: ASA SSLVPN Server with local authentication
access-list splitALL extended permit ip any
ip local pool sslUsers mask
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
crypto key generate rsa label SSL modulus 2048 noconfirm
crypto ca trustpoint LocalCA
 enrollment self
 keypair SSL
crypto ca enroll LocalCA noconfirm
ssl trust-point LocalCA outside
webvpn
 enable outside
 ! put the AnyConnect images on flash in advance
 anyconnect image disk0:/anyconnect-win-3.0.4235-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-3.0.4235-k9.pkg 2
 anyconnect enable
 tunnel-group-list enable
group-policy sslUsers internal
group-policy sslUsers attributes
 dns-server value
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splitALL
 default-domain value corporate.local
 split-dns value corporate.local
 webvpn
  anyconnect keep-installer installed
  anyconnect ssl rekey time 60
  anyconnect ssl rekey method ssl
  anyconnect ask none default anyconnect
  anyconnect dpd-interval gateway 30
  anyconnect dpd-interval client 30
tunnel-group sslUsers type remote-access
tunnel-group sslUsers general-attributes
 address-pool sslUsers
 default-group-policy sslUsers
tunnel-group sslUsers webvpn-attributes
 group-alias run enable
 ! external ASA interface
 group-url enable

Some notes:

User authentication is done via the local database.

is considered as an address range for the corporate network.

is considered as the VPN user address range.

The first time, the user should log in via a browser at https://. The AnyConnect client will install automatically.

Updated due to a missing 'subject-name' command in the certificate configuration.

Last Updated on Thursday, 22 January 2015 13:36