Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual page 41

Administration guide

Chapter 4
Installing the AnyConnect Client on a Security Appliance Using CLI
ip local pool poolname startaddr-endaddr mask mask
The following example creates the local IP address pool vpn_users:
hostname(config)# ip local pool vpn_users 209.165.200.225-209.165.200.254 mask 255.255.255.224
Step 5
Assign IP addresses to a tunnel group. One method you can use to do this is to assign a local IP address
pool with the address-pool command from general-attributes mode:
address-pool poolname
To do this, first enter the tunnel-group name general-attributes command to enter general-attributes
mode. Then specify the local IP address pool using the address-pool command.
In the following example, the user configures the existing tunnel group telecommuters to use the address
pool vpn_users created in step 3:
hostname(config)# tunnel-group telecommuters general-attributes
hostname(config-tunnel-general)# address-pool vpn_users
Step 6
Assign a default group policy to the tunnel group with the default-group-policy command from tunnel
group general attributes mode:
default-group-policy name
In the following example, the user assigns the group policy sales to the tunnel group telecommuters:
hostname(config-tunnel-general)# default-group-policy sales
Step 7
Create and enable a group alias that displays in the group list on the WebVPN Login page using the
group-alias command from tunnel group webvpn attributes mode:
group-alias name enable
First exit to global configuration mode, and then enter the tunnel-group name webvpn-attributes
command to enter tunnel group webvpn attributes mode.
In the following example, the user enters webvpn attributes configuration mode for the tunnel group
telecommuters, and creates the group alias sales_department:
hostname(config)# tunnel-group telecommuters webvpn-attributes
hostname(config-tunnel-webvpn)# group-alias sales_department enable
Step 8
Enable the display of the tunnel-group list on the WebVPN Login page from webvpn mode:
tunnel-group-list enable
First exit to global configuration mode, and then enter webvpn mode.
In the following example, the user enters webvpn mode, and then enables the tunnel group list:
hostname(config)# webvpn
hostname(config-webvpn)# tunnel-group-list enable
Step 9
Specify SSL as a permitted VPN tunneling protocol for the group or user with the vpn-tunnel-protocol
svc command in group-policy mode or username mode:
vpn-tunnel-protocol svc
You can also specify other protocols to permit by adding the names of those protocols to this command.
For more information about the vpn-tunnel-protocol command, see the command description in Cisco
Security Appliance Command Reference.
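The following Python check is an added example, not part of the Cisco guide. It cross-checks the commands from the steps above in a saved configuration: the pool range fits its mask, address-pool names a defined pool, and a group alias is accompanied by tunnel-group-list enable. The audit and pool_problem helpers and the sample layout are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the commands shown in the steps above, laid out as in a
# saved configuration (assumed: sub-mode lines indented, no CLI prompts).
SAMPLE = """\
ip local pool vpn_users 209.165.200.225-209.165.200.254 mask 255.255.255.224
tunnel-group telecommuters general-attributes
 address-pool vpn_users
 default-group-policy sales
tunnel-group telecommuters webvpn-attributes
 group-alias sales_department enable
webvpn
 tunnel-group-list enable
"""
POOL = re.compile(r"ip local pool (\S+) ([\d.]+)-([\d.]+) mask ([\d.]+)$")

def pool_problem(start, end, mask):
    """Return why a pool range does not fit its mask, or None if it does."""
    net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if lo > hi or hi not in net:
        return f"range {start}-{end} does not fit inside {net}"
    if lo == net.network_address or hi == net.broadcast_address:
        return f"range includes the network or broadcast address of {net}"
    return None

def audit(config):
    """Hypothetical helper: report inconsistencies between the commands."""
    pools, used, aliases, list_on, mode, out = {}, [], [], False, "", []
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):      # top-level line: new mode
            mode = line.strip()
            m = POOL.match(mode)
            if m:
                pools[m.group(1)] = m.groups()[1:]
        elif mode.endswith("general-attributes") and words[:1] == ["address-pool"]:
            used.append((mode.split()[1], words[1]))
        elif mode.endswith("webvpn-attributes") and words[:1] == ["group-alias"]:
            aliases.append(words[1])
        elif mode == "webvpn" and words == ["tunnel-group-list", "enable"]:
            list_on = True
    out += [f"pool {n}: {r}" for n, a in pools.items() if (r := pool_problem(*a))]
    out += [f"tunnel-group {g}: address-pool {p} is not defined"
            for g, p in used if p not in pools]
    if aliases and not list_on:
        out.append("group-alias is set but tunnel-group-list is not enabled")
    return out
```

For the sample built from the guide's own commands, audit(SAMPLE) returns an empty list.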
OL-12950-012
Enabling AnyConnect Client SSL VPN Connections Using CLI
Cisco AnyConnect VPN Client Administrator Guide
4-3
