Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configure AnyConnect (Mobile) on ASA5505

I've found tutorials and guides on how to configure AnyConnect on an ASA5505, but I wanted to check before to make sure I was going the right direction. 


I have a very simple setup and basic goal.  I currently just have one laptop on E0/1 of my ASA5505 and then the ASA configured with a static IP plugged to the Internet.  I have the ASA correctly configured and can browse the web through the laptop.

I also have the AnyConnect and AnyConnect Mobile licenses as well.


I want to set up AnyConnect on the ASA5505 and just establish a successful connection from an android mobile device running the necessary AnyConnect software from the market.


There are lots of guides for specifc set ups, but as described, I want to keep this as simple as possible.

Would this be a good guide to be able to complete this?

Also, I'm more comfortable with the CLI. Is it simpler to use the ASDM wizard for this?

Thanks in advance.

Everyone's tags (3)

Accepted Solutions

Re: Configure AnyConnect (Mobile) on ASA5505

Hello Joffroi,

Please mark the question as answered so future users can learn from your own resolution



Looking for some Networking Assistance? Contact me directly at I will fix your problem ASAP. Cheers, Julio Carvajal Segura
New Member

Re: Configure AnyConnect (Mobile) on ASA5505

I am unable to connect to for asdm for some reason, so I went ahead and tried my first attempt at getting AnyConnect set up through CLI (which I prefer anyway).

My ASA is assigned and I'm still able to browse content through a connected laptop. After my set up, I am unable to access though.  Is there something wrong with my assigned IP Pool?

Below is my config file. Any help is greatly appreciated.


ASA5505# show run

: Saved


ASA Version 8.2(5)


hostname SA5505

enable password 8Ry2YjIyt7RRXU24 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted



interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6



interface Ethernet0/7



interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address


ftp mode passive

access-list NONAT extended permit ip

pager lines 24

mtu inside 1500

mtu outside 1500

ip local pool SSLClientPool mask

no failover

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list NONAT

nat (inside) 1

route outside 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

timeout floating-conn 0:00:00

dynamic-access-policy-record DfltAccessPolicy

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

telnet timeout 5

ssh timeout 5

console timeout 0

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept


enable outside


svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1

svc enable

tunnel-group-list enable

group-policy SSLClientPolicy internal

group-policy SSLClientPolicy attributes

dns-server value

vpn-tunnel-protocol svc

address-pools value SSLClientPool

username testuser password cd0dmVM0fEWRYugq encrypted

username testuser attributes

service-type remote-access

tunnel-group SSLClientProfile type remote-access

tunnel-group SSLClientProfile general-attributes

default-group-policy SSLClientPolicy

tunnel-group SSLClientProfile webvpn-attributes

group-alias SSLVPNClient enable


class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect ip-options

  inspect netbios

  inspect rsh

  inspect rtsp

  inspect skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect tftp

  inspect sip

  inspect xdmcp

  inspect icmp


service-policy global_policy global

prompt hostname context

no call-home reporting anonymous


profile CiscoTAC-1

  no active

  destination address http

  destination address email

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily


: end

EDIT:  I just tested this configurations on AnyConnect on my device and I was SUCCESSFULLY able to complete the VPN! I apologize for taking up room on this forum. I guess I should have tried a couple times first being reaching out to help. Surprised myself.

Re: Configure AnyConnect (Mobile) on ASA5505

Hello Joffroi,

Please mark the question as answered so future users can learn from your own resolution



Looking for some Networking Assistance? Contact me directly at I will fix your problem ASAP. Cheers, Julio Carvajal Segura