ASA – Anyconnect (Basic Setup)

Within this article we will configure a basic Anyconnect setup.
The Anyconnect client provides the ability to securly connect to your LAN via TLS/DTLS (TLS over UDP).

Enable WebVPN

asa84(config)# webvpn
asa84(config-webvpn)# enable outside
INFO: WebVPN and DTLS are enabled on ‘outside’.
asa84(config-webvpn)# anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg
ERROR: The specified AnyConnect Client image does not exist.
asa84(config-webvpn)# anyconnect enable
asa84(config-webvpn)# exit

Create User

asa84(config)# username user1 password abc123
asa84(config)# username user1 attributes
asa84(config-username)# service-type remote-access
asa84(config)# exit

Create IP Pool

asa84(config)# ip local pool VPN-POOL 192.168.1.1-192.168.1.254 mask 255.255.255.0

Create Group-Policy

asa84(config)# group-policy LAB internal
asa84(config)# group-policy LAB attributes
asa84(config-group-policy)# vpn-tunnel-protocol ssl-client ssl-clientless
asa84(config-group-policy)# address-pools value VPN-POOL
asa84(config-group-policy)# exit

Create Tunnel-Group

asa84(config)# tunnel-group LAB type remote-access
asa84(config)# tunnel-group LAB general-attributes
asa84(config-tunnel-general)# default-group-policy LAB
asa84(config-tunnel-general)# exit
asa84(config)# tunnel-group LAB webvpn-attributes
asa84(config-tunnel-webvpn)# group-alias LAB-VPN
asa84(config-tunnel-webvpn)# exit

Enable Login Dropdown

asa84(config)# webvpn
asa84(config-webvpn)# tunnel-group-list enable
asa84(config-webvpn)# exit

Once configured connect to your ASA via either its hostname or IP via a browser. Then login using the previously created user.

You will then be able to download the Anyconnect client by clicking on the ‘Start Anyconnect’ link.

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial