ASA 5505 AnyConnect config with IOS 8.3

Unanswered Question
Aug 10th, 2010


I found on the internet how to activate the AnyConnect feature on my ASA5505. I'm not sure about the new no-NAT configuration with IOS 8.3. After I put that line, I'm able to connect. I received an IP on the .50.x subnet, but I can't talk with our .0.x network. I'm also looking for a split tunnel configuration.

Any help appreciated...

Here is the command line:


! Specify the AnyConnect image to be downloaded by users

svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1

! Enable AnyConnect access on the outside ASA interface
enable outside
svc enable

! Create a local IP address pool to assign for remote users
ip local pool SSLClientPool mask

! Configure NAT exemption for traffic between internal LAN and remote users
!access-list NONAT extended permit ip
!nat (inside) 0 access-list NONAT
object network InsideVlan0

object network RemoteVPN

nat (inside,outside) source static InsideVlan0 InsideVlan0 destination static RemoteVPN RemoteVPN

! Create usernames that will use the AnyConnect remote access only
username userA password test123
username userA attributes
service-type remote-access

username userB password test12345
username userB attributes
service-type remote-access

! Create a group policy with configuration parameters that should be applied to clients (there are two options available here according to the ASA version you are running)

group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
dns-server value
vpn-tunnel-protocol svc
address-pools value SSLClientPool

!ASA(config)# group-policy SSLCLientPolicy internal
!ASA(config)# group-policy SSLCLientPolicy attributes
!ASA(config-group-policy)# dns-server value
!ASA(config-group-policy)# address-pools value SSLClientPool
!ASA(config-group-policy)# webvpn
!ASA(config-group-webvpn)# vpn-tunnel-protocol svc

! Allow the AnyConnect traffic to bypass access lists
sysopt connection permit-vpn

! Create tunnel group profile to define connection parameters
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy SSLCLientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
tunnel-group-list enable
