CCNP Security Quick Reference: Deploying Cisco ASA AnyConnect Remote-Access VPN Solutions

Date: Apr 14, 2011

Return to the article

In this chapter you learn to deploy and manage Secure Sockets Layer (SSL) virtual private networks (VPN) on Cisco Adaptive Security Appliance (ASA) as the VPN gateway with clients using AnyConnect SSL Client software.

As you'll see, you can initiate an SSL VPN session from devices that support the install of a dedicated client (desktops, laptops) and from devices that lack administrative privileges to do so (PDA, smartphone, laptop), as shown in Figure 3-1.

Figure 3-1 SSL VPN

Deploying a Basic Cisco AnyConnect Full-Tunnel SSL VPN Solution

Basic Cisco AnyConnect full-tunnel SSL VPN uses user authentication by username and password, provides IP address assignment to the client, and uses a basic access control policy. The client also authenticates the ASA with identity certificate-based authentication. Deployment tasks for this scenario are as follows:

  1. Configure the basic ASA SSL VPN gateway features.
  2. Configure local user authentication.
  3. Configure IP address assignment.
  4. Configure basic access control.
  5. Install the Cisco AnyConnect VPN Client.

As of this writing, AnyConnect Client officially supports only SSL connections. Starting with version 3.0, which is available for download, AnyConnect is composed of multiple modules and supports additional features (including IPsec IKEv2 VPN terminations on Cisco ASA). The problem here is that this requires ASA 8.4(1) and Adaptive Security Device Manager (ASDM) 6.4(1) at a minimum, which are not available for download at the moment of this writing. For these reasons, this book is limited to configuration scenarios supported by AnyConnect versions earlier than 3.0. You can find more information about AnyConnect Secure Mobility Client 3.0 in the official release notes: www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html#wp1139431.

Configuring Basic Cisco ASA SSL VPN Gateway Features

To initially prepare the ASA for SSL VPN termination, complete the following steps:

800 East 96th Street, Indianapolis, Indiana 46240

sale-70-410-exam    | Exam-200-125-pdf    | we-sale-70-410-exam    | hot-sale-70-410-exam    | Latest-exam-700-603-Dumps    | Dumps-98-363-exams-date    | Certs-200-125-date    | Dumps-300-075-exams-date    | hot-sale-book-C8010-726-book    | Hot-Sale-200-310-Exam    | Exam-Description-200-310-dumps?    | hot-sale-book-200-125-book    | Latest-Updated-300-209-Exam    | Dumps-210-260-exams-date    | Download-200-125-Exam-PDF    | Exam-Description-300-101-dumps    | Certs-300-101-date    | Hot-Sale-300-075-Exam    | Latest-exam-200-125-Dumps    | Exam-Description-200-125-dumps    | Latest-Updated-300-075-Exam    | hot-sale-book-210-260-book    | Dumps-200-901-exams-date    | Certs-200-901-date    | Latest-exam-1Z0-062-Dumps    | Hot-Sale-1Z0-062-Exam    | Certs-CSSLP-date    | 100%-Pass-70-383-Exams    | Latest-JN0-360-real-exam-questions    | 100%-Pass-4A0-100-Real-Exam-Questions    | Dumps-300-135-exams-date    | Passed-200-105-Tech-Exams    | Latest-Updated-200-310-Exam    | Download-300-070-Exam-PDF    | Hot-Sale-JN0-360-Exam    | 100%-Pass-JN0-360-Exams    | 100%-Pass-JN0-360-Real-Exam-Questions    | Dumps-JN0-360-exams-date    | Exam-Description-1Z0-876-dumps    | Latest-exam-1Z0-876-Dumps    | Dumps-HPE0-Y53-exams-date    | 2017-Latest-HPE0-Y53-Exam    | 100%-Pass-HPE0-Y53-Real-Exam-Questions    | Pass-4A0-100-Exam    | Latest-4A0-100-Questions    | Dumps-98-365-exams-date    | 2017-Latest-98-365-Exam    | 100%-Pass-VCS-254-Exams    | 2017-Latest-VCS-273-Exam    | Dumps-200-355-exams-date    | 2017-Latest-300-320-Exam    | Pass-300-101-Exam    | 100%-Pass-300-115-Exams    |
http://www.portvapes.co.uk/    | http://www.portvapes.co.uk/    |