In a typical clientless remote access scenario, remote users establish an SSL tunnel that carries data to and from the internal network at the application layer (for example, web and e-mail). In tunnel mode, the SSL tunnel carries data at the network (IP) layer, so tunnel mode supports most IP-based applications, including many popular corporate applications (for example, Microsoft Outlook, Microsoft Exchange, Lotus Notes e-mail, and Telnet).
The tunnel connection is determined by the group policy configuration. The Cisco AnyConnect VPN Client is downloaded and installed on the remote user PC, and the tunnel connection is established when the remote user logs into the SSL VPN gateway.
By default, the Cisco AnyConnect VPN Client is removed from the client PC after the connection is closed. However, you have the option to keep the Cisco AnyConnect VPN Client installed on the client PC.
AnyConnect VPN is supported on both the IOS and ASA platforms, but the configuration syntax differs considerably between the two.
Scenario:
! Install the AnyConnect client package and enable the HTTPS server
webvpn install svc disk0:/anyconnect-win-3.0.11042-k9.pkg
ip http secure-server
ip http server

- SSL VPN gateway

webvpn gateway SSLVPN_GATEWAY
 ip address 172.20.1.2 port 443
 ! rc4-md5 is kept from the original post; it is a legacy suite, and aes-sha1 is the stronger choice on this platform
 ssl encryption rc4-md5
 ssl trustpoint TP-self-signed-local
 logging enable
 inservice

- SSL VPN context

webvpn context SSLVPN
 title "SSL VPN TEST"
 ssl authenticate verify all
 policy group ANYCONNECT_POLICY
   functions svc-required
   ! SVC_POOL must be defined separately with "ip local pool SVC_POOL <start> <end>" (range not given in the post)
   svc address-pool "SVC_POOL"
   svc keep-client-installed
   svc split include 10.1.1.0 255.255.255.0
 default-group-policy ANYCONNECT_POLICY
 aaa authentication list SSLVPN
 ! the @SSLVPN domain is appended to the login name, so the local user below must carry it too
 aaa authentication domain @SSLVPN
 gateway SSLVPN_GATEWAY domain SSLVPN
 logging enable
 inservice

aaa authentication login SSLVPN local
! type-0 stores the password in cleartext; use "username ... secret" outside a lab
username ANYCONNECT@SSLVPN password 0 CISCO
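As an added defender-side example (not from the original post or from Cisco), the following Python script audits the configuration above for the settings a reviewer would flag: the RC4-MD5 cipher suite, a self-signed trustpoint, a type-0 password, the cleartext HTTP server, and an address pool that is referenced but never defined. The abbreviated copy of the post's configuration is embedded as a constructed sample.

```python
import re

# Constructed, abbreviated copy of the IOS webvpn configuration from the post.
IOS_CONFIG = """\
ip http secure-server
ip http server
webvpn gateway SSLVPN_GATEWAY
 ip address 172.20.1.2 port 443
 ssl encryption rc4-md5
 ssl trustpoint TP-self-signed-local
 inservice
webvpn context SSLVPN
 ssl authenticate verify all
 policy group ANYCONNECT_POLICY
   functions svc-required
   svc address-pool "SVC_POOL"
   svc split include 10.1.1.0 255.255.255.0
 default-group-policy ANYCONNECT_POLICY
 gateway SSLVPN_GATEWAY domain SSLVPN
 inservice
aaa authentication login SSLVPN local
username ANYCONNECT@SSLVPN password 0 CISCO
"""

# "ssl encryption" keywords that should no longer be offered to clients.
WEAK_CIPHERS = {"rc4-md5", "3des-sha1"}

def audit_webvpn(config: str) -> list[str]:
    """Return human-readable findings for an IOS SSL VPN configuration."""
    findings = []
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"ssl encryption (.+)", line)
        if m:
            findings += [f"weak TLS cipher suite enabled: {s}"
                         for s in m.group(1).split() if s in WEAK_CIPHERS]
        if re.match(r"ssl trustpoint \S*self-signed", line, re.I):
            findings.append("gateway certificate is self-signed; clients cannot validate it")
        if re.match(r"username \S+ password 0 ", line):
            findings.append("local user stored with a type-0 (plaintext) password")
        if line == "ip http server":
            findings.append("cleartext HTTP server enabled alongside HTTPS")
    # Every pool handed to svc clients must exist as an "ip local pool" entry.
    referenced = set(re.findall(r'^\s*svc address-pool "?([^"\s]+)"?', config, re.M))
    defined = set(re.findall(r"^ip local pool (\S+)", config, re.M))
    for pool in sorted(referenced - defined):
        findings.append(f"address pool {pool} is referenced but never defined")
    return findings

print(*audit_webvpn(IOS_CONFIG), sep="\n")
```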