AnyConnect VPN on ASA Cheatsheet

A small example of an AnyConnect VPN configuration on an ASA running 9.6 software, with split tunneling included.

ip local pool vpn_user 192.168.255.1-192.168.255.10 mask 255.255.255.224
!
access-list Split-Tunnelling-ACL standard permit 192.168.1.0 255.255.255.0
access-list Split-Tunnelling-ACL standard permit 192.168.2.0 255.255.255.0
access-list Split-Tunnelling-ACL standard permit 192.168.3.0 255.255.255.0
access-list Split-Tunnelling-ACL standard permit 192.168.4.0 255.255.255.0
!
webvpn
 enable Outside
 anyconnect image disk0:/anyconnect-win-4.4.01054-webdeploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-macos-4.4.01054-webdeploy-k9.pkg 2
 anyconnect image disk0:/anyconnect-linux64-4.4.01054-webdeploy-k9.pkg 3
 anyconnect profiles VPN-Profile disk0:/vpn-profile.xml
 anyconnect enable
!
group-policy VPNPolicy internal
group-policy VPNPolicy attributes
 dns-server none
 vpn-tunnel-protocol ssl-client ssl-clientless
 password-storage disable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnelling-ACL
 address-pools value vpn_user
 webvpn
  anyconnect profiles value VPN-Profile type user
!
username testvpnuser password testvpnpassword
username testvpnuser attributes
 vpn-group-policy VPNPolicy
 service-type remote-access
!
tunnel-group VPN type remote-access
tunnel-group VPN general-attributes
 address-pool vpn_user
 default-group-policy VPNPolicy
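
The configuration above only works if every name it uses (pool, ACL, profile, group policy) matches its definition, and the split-tunnel list only takes effect when the group policy also carries a `split-tunnel-policy tunnelspecified` or `excludespecified` line. The following check is an added example, not part of the original post: `audit`, `DEFINES`, `REFERS` and `SAMPLE_CONFIG` are hypothetical names, and the patterns cover only the command forms used in this cheat sheet.

```python
import re

# Constructed sample: the cross-referencing lines of the configuration above.
SAMPLE_CONFIG = """\
ip local pool vpn_user 192.168.255.1-192.168.255.10 mask 255.255.255.224
access-list Split-Tunnelling-ACL standard permit 192.168.1.0 255.255.255.0
webvpn
 anyconnect profiles VPN-Profile disk0:/vpn-profile.xml
group-policy VPNPolicy internal
group-policy VPNPolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnelling-ACL
 address-pools value vpn_user
 webvpn
  anyconnect profiles value VPN-Profile type user
username testvpnuser attributes
 vpn-group-policy VPNPolicy
tunnel-group VPN general-attributes
 address-pool vpn_user
 default-group-policy VPNPolicy
"""
# Lines that define a named object, and lines that refer to one (name = group 1).
DEFINES = [(r"ip local pool (\S+) ", "pool"), (r"access-list (\S+) ", "acl"),
           (r"\s*anyconnect profiles (?!value )(\S+) ", "profile"),
           (r"group-policy (\S+) internal", "group-policy")]
REFERS = [(r"\s+address-pools? (?:value )?(\S+)", "pool"),
          (r"\s+split-tunnel-network-list value (\S+)", "acl"),
          (r"\s+anyconnect profiles value (\S+)", "profile"),
          (r"\s+(?:vpn-group-policy|default-group-policy) (\S+)", "group-policy")]

def audit(config):
    """Return sorted findings; the split-tunnel check is per file, not per policy."""
    lines = config.splitlines()
    defined = {(kind, m.group(1)) for line in lines
               for rx, kind in DEFINES if (m := re.match(rx, line))}
    findings = set()
    for line in lines:
        for rx, kind in REFERS:
            if (m := re.match(rx, line)) and (kind, m.group(1)) not in defined:
                findings.add(f"undefined {kind}: {m.group(1)}")
    def has(rx):
        return any(re.match(rx, line) for line in lines)
    if has(r"\s+split-tunnel-network-list value ") and not has(
            r"\s+split-tunnel-policy (tunnel|exclude)specified"):
        findings.add("split-tunnel list set without an effective split-tunnel-policy")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Run it against a saved copy of the running configuration before pasting changes; an empty list means every reference resolved.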
