I currently have an ASA 5540 and my licensed features are below:
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 5000 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5540 VPN Premium license.
1. Do I need to have a real public SSL cert for it while I'm testing AnyConnect?
2. Our current network is on the 172.16.x.x network. What is the best idea to have this AnyConnect subnet on? I was thinking about the 10.10.10.0/24 network, then routing that subnet to only certain subnets on our current 172.16.x.x network. What do ya think?
3. I'd assume that I need DHCP for 10.10.10.0/24 too, right?
2. My core router is where all the subnets and routing are controlled. Let's say I'll use the 10.10.10.0/24 subnet; then will I have to create that subnet on my core router first, before configuring AnyConnect on the ASA?
3. Let's say I don't have a DHCP pool set up for this VLAN 10.10.10.0/24. How can the ASA distribute an IP (from 10.10.10.0/24) to my client which is trying to connect from outside? I'm kind of confused here.
There are 2 options to give an IP address to the client: first, define the DHCP server and scope, or configure the VPN pool on the ASA (the easy way). Please check the link below; it will give you a step-by-step configuration of AnyConnect on the ASA: