Anyconnect Basic Setup

1. Copy Anyconnect image to ASA flash:
ASA# copy tftp: flash:

2. Enable Anyconnect on outside interface
ASA(config)# webvpn
ASA(config-webvpn)# anyconnect enable
ASA(config-webvpn)# enable outside
ASA(config-webvpn)# anyconnect image disk0:/anyconnect-win-4.7.00136-webdeploy-k9.pkg

3. Create a VPN pool:
ASA(config)# ip local pool VPNPOOL 10.0.100.1-10.0.100.250

4. Create an object for the VPN pool
ASA(config)# object network VPNPOOL
ASA(config-network-object)# subnet 10.0.100.0 255.255.255.0

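5. Create NAT exemption for VPN pool (NET-10.0.0.0_24 is the inside network object; it is not created in these steps and must already exist)
ASA(config)# nat (inside,outside) source static NET-10.0.0.0_24 NET-10.0.0.0_24 destination static VPNPOOL VPNPOOL no-proxy-arp route-lookup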

6. Create a group policy for Anyconnect
ASA(config)# group-policy GP-SSLVPN internal
ASA(config)# group-policy GP-SSLVPN attributes
ASA(config-group-policy)# vpn-tunnel-protocol ssl-client

7. Modify default remote access tunnel group
ASA(config)# tunnel-group DefaultWEBVPNGroup general-attributes
ASA(config-tunnel-general)# address-pool VPNPOOL
ASA(config-tunnel-general)# default-group-policy GP-SSLVPN

8. Create a local Anyconnect user (123456 is a sample value; set a strong password)
ASA(config)# username vpnuser1 password 123456
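
The names defined in steps 3-7 have to line up: the NAT exemption must reference objects that exist and cover the pool, and the tunnel group must name a real pool and group policy. The script below is an added example, not part of the original post; it cross-checks a config snippet for those references. The function name audit is hypothetical, and it only understands objects defined with a subnet line.

```python
import ipaddress
import re

# Constructed input: steps 3-7 above, prompts removed, in running-config layout.
CONFIG = """\
ip local pool VPNPOOL 10.0.100.1-10.0.100.250
object network VPNPOOL
 subnet 10.0.100.0 255.255.255.0
nat (inside,outside) source static NET-10.0.0.0_24 NET-10.0.0.0_24 destination static VPNPOOL VPNPOOL no-proxy-arp route-lookup
group-policy GP-SSLVPN internal
group-policy GP-SSLVPN attributes
 vpn-tunnel-protocol ssl-client
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool VPNPOOL
 default-group-policy GP-SSLVPN
"""

def audit(config):
    """Return cross-reference problems in an ASA AnyConnect config snippet."""
    pools = {m[1]: (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
             for m in re.finditer(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M)}
    objects = {m[1]: ipaddress.ip_network(f"{m[2]}/{m[3]}")
               for m in re.finditer(r"^object network (\S+)\n subnet (\S+) (\S+)", config, re.M)}
    policies = set(re.findall(r"^group-policy (\S+) internal", config, re.M))
    nat_lines = re.findall(r"^nat .*$", config, re.M)
    problems = []

    # Every object named in a twice-NAT rule must be defined.
    used = {name for line in nat_lines
            for pair in re.findall(r"static (\S+) (\S+)", line) for name in pair}
    problems += [f"NAT references undefined object {n}" for n in sorted(used - set(objects))]

    # Each pool must sit inside an object used as a NAT-exempt destination.
    dests = {d for line in nat_lines for d in re.findall(r"destination static (\S+)", line)}
    for name, (lo, hi) in pools.items():
        if not any(d in objects and lo in objects[d] and hi in objects[d] for d in dests):
            problems.append(f"pool {name} is not covered by a NAT exemption destination")

    # Names used under the tunnel-group must exist.
    for ref in re.findall(r"^ address-pool (\S+)", config, re.M):
        if ref not in pools:
            problems.append(f"tunnel-group uses undefined pool {ref}")
    for ref in re.findall(r"^ default-group-policy (\S+)", config, re.M):
        if ref not in policies:
            problems.append(f"tunnel-group uses undefined group-policy {ref}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)) or "no problems found")
```

Run against the steps as written, it reports only the NET-10.0.0.0_24 object, which the post uses in step 5 without defining.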


