Posts

Showing posts from July, 2020

Anyconnect Basic Setup

1. Copy Anyconnect image to ASA flash:

   copy tftp: flash:

2. Enable Anyconnect on outside interface

   ASA(config)# webvpn
   ASA(config-webvpn)# anyconnect enable
   ASA(config-webvpn)# enable outside
   ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-4.7.00136-webdeploy-k9.pkg

3. Create a VPN pool:

   ASA(config)# ip local pool VPNPOOL 10.0.100.1-10.0.100.250

4. Create an object for the VPN pool

   ASA(config)# object network VPNPOOL
   ASA(config-network-object)# subnet 10.0.100.0 255.255.255.0

5. Create NAT exemption for VPN pool

   nat (inside,outside) source static NET-10.0.0.0_24 NET-10.0.0.0_24 destination static VPNPOOL VPNPOOL no-proxy-arp route-lookup

6. Create a group policy for Anyconnect

   ASA(config)# group-policy GP-SSLVPN internal
   ASA(config)# group-policy GP-SSLVPN attributes
   ASA(config-group-policy)# vpn-tunnel-protocol ssl-client

7. Modify default remote access tunnel group

   ASA(config)# tunnel-group DefaultWEBVPNGroup general-attributes
   ASA(config-tunnel-general)# address-pool VPNPO

ASA Failover Basic Setup

1. Specify LAN failover physical interface and name it. In this lab, failover and stateful link are sharing the same interface.

   ASAv1(config)# failover lan unit primary
   failover lan interface FO GigabitEthernet0/2
   failover link FO GigabitEthernet0/2
   failover interface ip FO 192.168.254.1 255.255.255.0 standby 192.168.254.2

   ASAv2(config)# failover lan unit secondary
   failover lan interface FO GigabitEthernet0/2
   failover link FO GigabitEthernet0/2
   failover interface ip FO 192.168.254.1 255.255.255.0 standby 192.168.254.2

2. Enable failover interface

   ASAv1(config)#int g0/2
   ASAv1(config-if)#no shut

   ASAv2(config)#int g0/2
   ASAv2(config-if)#no shut

3. Enable failover

   ASAv1(config)#failover
   ASAv2(config)#failover

4. Assign failover pair a new hostname

   ASAv1(config)#hostname ASA
   ASA(config)#

5. Verify Failover status

   ASA# show failover

6. Continue basic configuration on Active ASA, config inside and outside interfaces

   ASA(config)# int g0/0
   ASA(config-if)# ip add 203.0.113.2 255.255.255.0 stand