Cisco Support Community

New Member

AnyConnect setup question


I currently have an ASA 5540 and my licensed features are below:

VPN-DES                                 : Enabled        perpetual

VPN-3DES-AES                        : Enabled        perpetual

Security Contexts                      : 2              perpetual

GTP/GPRS                                : Disabled       perpetual

AnyConnect Premium Peers        : 2              perpetual

AnyConnect Essentials                : Disabled       perpetual

Other VPN Peers                         : 5000           perpetual

Total VPN Peers                          : 5000           perpetual

Shared License                            : Disabled       perpetual

AnyConnect for Mobile                  : Disabled       perpetual

AnyConnect for Cisco VPN Phone  : Disabled       perpetual

Advanced Endpoint Assessment     : Disabled       perpetual

UC Phone Proxy Sessions             : 2              perpetual

Total UC Proxy Sessions               : 2              perpetual

Botnet Traffic Filter                         : Disabled       perpetual

Intercompany Media Engine            : Disabled       perpetual

This platform has an ASA 5540 VPN Premium license.

1. Do I need to have a real public SSL cert for it while I'm testing AnyConnect?

2. Our current network is on 172.16.x.x network, what is the best idea to have this AnyConnect subnet on? I was thinking about network then route that subnet to only certain subnets on our current 172.16.x.x network. What do ya think?

3. I'd assume that I need DHCP for too right?


Cisco Employee

AnyConnect setup question


You do not need a public SSL cert while you are testing. If you do not have a public SSL cert, you will just get an error that the certificate is not valid; you can just ignore it.

You can choose any pool subnet as long as that subnet is not present in your LAN.

No, you do not need any DHCP.




AnyConnect setup question


1) It is not necessary to have a public SSL cert on the ASA to connect with AnyConnect. You will get a warning message for the certificate, but you should be able to connect to the ASA.

2) Yes, you can use subnet as your address-pool for anyconnect clients.

3) You can define address-pool either from DHCP or locally from ASA.

You can check the link below to configure the AnyConnect client on the ASA:

Let me know if it helps!!



New Member

AnyConnect setup question

Thanks guys.

2. My core router is where all the subnets and routing are controlled. Let's say I'll use the 10.10.10./24 subnet; then I will have to create that subnet first on my core router before configuring AnyConnect on the ASA?

3. Let's say I don't have a DHCP pool set up for this VLAN; how can the ASA distribute an IP (from to my client, which is trying to connect from outside? I'm kind of confused here.


Cisco Employee

AnyConnect setup question

Hi Tim,

There are 2 options to give an IP address to the client: first, define the DHCP server and scope, or configure the VPN pool on the ASA (easy way). Please check the link below; it will give you a step-by-step configuration of AnyConnect on the ASA:
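
The two address-assignment options described in the replies above, as an added ASA configuration sketch that is not part of the thread or of the linked Cisco document. The object names (ANYCONNECT-POOL, GP-ANYCONNECT, TG-ANYCONNECT), the 10.10.10.0/24 pool range and the DHCP server address 172.16.1.10 are constructed for illustration.

```cisco
! --- Option A: local pool on the ASA (no DHCP server involved) ---
! The pool must not overlap any subnet already in use on the LAN
! (here the LAN is 172.16.x.x, so 10.10.10.0/24 is a constructed, non-overlapping choice).
ip local pool ANYCONNECT-POOL 10.10.10.10-10.10.10.200 mask 255.255.255.0
!
! Tell the ASA to hand out addresses from locally defined pools.
vpn-addr-assign local
!
group-policy GP-ANYCONNECT internal
!
tunnel-group TG-ANYCONNECT type remote-access
tunnel-group TG-ANYCONNECT general-attributes
 ! Clients that land on this tunnel group get an address from the pool above.
 address-pool ANYCONNECT-POOL
 default-group-policy GP-ANYCONNECT
!
! --- Option B: external DHCP server instead of a local pool ---
! Use this in place of Option A, not in addition to it.
! vpn-addr-assign dhcp
! tunnel-group TG-ANYCONNECT general-attributes
!  no address-pool ANYCONNECT-POOL
!  dhcp-server 172.16.1.10
! group-policy GP-ANYCONNECT attributes
!  ! Selects which scope on the DHCP server the ASA requests addresses from.
!  dhcp-network-scope 10.10.10.0
!
! --- Check after a test client connects ---
! show ip local pool ANYCONNECT-POOL     (Option A: lists in-use and available addresses)
! show running-config tunnel-group TG-ANYCONNECT
```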