Before we start on how to configure AnyConnect ssl vpn using ASDM let see little more about what is anyconnect ssl vpn
What is AnyConnect SSL VPN
It streamlines the process of accessing endpoints securely, guaranteeing the security and safeguarding of a corporation’s corporate network. also Cisco AnyConnect stands as a VPN client application that delivers a secure link to a distant network, permitting individuals to reach network assets as though they were present on the identical tangible network. It employs SSL or IPsec to implement robust encryption measures for security. now let go how to configure cisco anyconnect ssl vpn on cisco ASA Firewall by using ASDM
Step 1: open ASDM, before to continue you will be prompted username and password, write admin01 as username and admin01pass as password. The password used here is what you have configured when you create Local username in the firewall then click Wizards > VPN Wizards > AnyConnect VPN Wizard then click next to continue
Step 2: Configure the SSL VPN connection profile name and vpn access interface.
On this step enter ANYConnect-VPN and specify the outside interface as the VPN Access Interface. Click Next to continue, but on connection profile Name you may write any name you wish
Step 3: Specify the VPN encryption protocol.
On this screen uncheck the IPsec check box and leave the SSL check box checked. Then Do not specify a device certificate. Click Next to continue
Step 4: Add the client image to upload to AnyConnect users.
click Add to specify the AnyConnect client image filename, then Add AnyConnect Client Image window will appear then, click Browse Flash, then select latest AnyConnect image from there then click next, and in case you don’t have image you have to upload it from your computer to ASA firewall
Step 5: set AAA local authentication.
- Authentication Methodsscreen, set the AAA Server Group as a LOCAL. set a new user named as a USER01 with the password user01pass. Click Add then click next.
Step 6: set the client address assignment.
- Client Address Assignment screen, click New to create an IPv4 address pool starting IP address set 192.168.30.10 and ending IP address 192.168.30.20 subnet mask set 255.255.255.0. these Ip addresses are the one will be used on the remote devices to connect to enterprise network
Step 7: Set the network name resolution.
On this step, enter the IP address of a DNS server (192.168.4.4). Leave the current domain name as manvinno.com. Click Next to continue,
Step 8: Exempt NAT for VPN traffic.
On the NAT Exempt screen, click the Exempt VPN traffic from network address translation check box. Leave Inside Interface (inside) and the Local Network (any4). Click Next to continue.
Step 9: Check the AnyConnect client deployment details.
Read the text describing the options, and then click Next to continue.
Step 10: Pre-check the Summary screen and apply the configuration.
On this screen you to check and verify the configuration description if it corrent and then click Finish.
Step 11: Verify the AnyConnect summary configuration
After the configuration is delivered to the ASA, the AnyConnect Connection Profiles screen displays. After confirm that every this is okay don’t forget to save the configuration
Part 2: from remote PC Connect to an AnyConnect SSL VPN
On remote pc open browser and enter address https://209.150.200.226 so as to establish clientless ssl vpn to download AnyConnect vpn software, when login prompt appear use configure username and password in previous steps to login and start to download the software if refuse automatically to install download manually from internet and install it after then open the Cisco AnyConnect VPN Client then AnyConnect vpn window will appear enter the secure gateway address, enter 209.150.200.226, and click connect.
Security warning untrusted server certificate will appear if so click connect anyway
When login prompted appear, enter user01 for the username and user01pass as the password.
When the full tunnel SSL VPN connection is established, something like this we appear
Thank you don’t forget to share and follow us on our social media
other links: