Anyconnect Ipsec Configuration

1/6/2022 by admin

KB ID 0000066



This is a simple job to do from the command line; however, the world is full of people who would rather spend an hour in the ASDM working out how to do it! So I’ve included both methods.


What is split tunneling?


This is the process of letting a remote VPN user browse the web and access local resources from their own location whilst connected to your VPN; in this case via SSL VPN, but it applies equally to WebVPN or IPsec VPN.


Option 1 Enable Split Tunnel via Command Line.


1. Connect to the ASA > Go to enable mode > Then to global configuration mode > Create an ACL that permits traffic from the network behind the ASA to any. (Note: Add additional ACLs for additional internal networks).

2. Add the split tunnel to the policy you are using for your remote VPN (if you are unsure which one that is, issue a show run group-policy).

3. Save the changes.
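
The three steps above as ASA CLI input. This is an added example, not the original article's own listing: the ACL name Split-Tunnel is borrowed from the ASDM steps on this page, while the 192.168.1.0/24 network and the group-policy name GP-REMOTE-VPN are assumptions to be replaced with your own values.

```cisco
! Added example. Constructed values: 192.168.1.0/24 is a sample inside network,
! and GP-REMOTE-VPN is a hypothetical group-policy name; substitute your own.
! Run from enable mode.
configure terminal
!
! Step 1: standard ACL listing the network BEHIND the ASA.
! Add one more line per additional internal network.
access-list Split-Tunnel standard permit 192.168.1.0 255.255.255.0
!
! Step 2: attach the ACL to the group policy used by the remote VPN.
! "tunnelspecified" sends only traffic matching the list down the tunnel;
! the default, "tunnelall", sends everything down the tunnel.
group-policy GP-REMOTE-VPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split-Tunnel
 exit
!
! Step 3: save, then confirm what the policy now contains.
write memory
show running-config group-policy GP-REMOTE-VPN
```

Keep the list to the internal networks remote users actually need: anything not matched leaves through the user's own internet connection and is never inspected by the ASA.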

Enable Split Tunnel on an older (PIX Firewall)

Option 2 Enable Split Tunnel via ASDM


1. Launch the ASDM > Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Select your policy.

2. Edit > Select Advanced > Split Tunneling.

3. Next to Policy > Untick “Inherit” > Change to “Tunnel Network List Below”.

4. Next to “Network List” remove the tick from Inherit > Click Manage.


5. Add ACL > Call it something sensible like Split-Tunnel > OK.

6. Then click Add ACE.

7. Select Permit and enter the network BEHIND THE ASA > OK.

8. Should look a bit like this > OK.

9. OK.

10. Apply > File > Save running configuration to flash.

Related Articles, References, Credits, or External Links

Original Article Written 14/06/12
