################################################### ASA (9.x) SSL AnyConnect Configuration via ASDM ################################################### Introduction ============= .. Todo: write introduction to chapter Configuration ============= .. rubric:: Pre-requisite configration on ASA #. Ensure all interfaces are configured #. Ensure necessary routing (static or dynamic) is in place #. Setup Management (SSH, HTTP) as required .. rubric:: Steps Needed #. Save AnyConnect package to ASA flash #. Set hostname and domain name #. Generate Encryption Keys #. Enable WebVPN #. Setup local users or external authentication #. Setup IP Local Pool (Optional if using DHCP) #. Define filter policy (Optional) #. Define Split Tunnel Policy (Optional) #. Define Group Policy #. Define Connection Profile .. note:: The above steps can be completed manually as documented below or via the SSL VPN Wizard .. rubric:: Save AnyConnect Package to ASA Flash .. todo:: Document methods of uploading to flash .. rubric:: Set hostname and domain name In ASDM Navigate to: :menuselection:`Configuration --> Device Setup` On the CLI this can be setup as follow: :: hostname domain-name .. rubric:: Generate encryption key :: crypto key generate rsa modulus .. rubric:: Enable AnyConnect on the appropriate interfaces :: webvpn enable anyconnect image anyconnect enable .. rubric:: Setup Local Users (Optional) .. rubric:: Setup external authentication server (Optional) .. rubric:: Define IP Address Pool :: ip local pool - .. rubric:: Define Group Policies :: group-policy internal group-policy attributes vpn-tunnel-protocol ssl-clientless ssl-client webvpn anyconnect ask enable anyconnect keep-installer installed .. rubric:: Define Connection Profile :: tunnel-group type webvpn ! tunnel-group general-attributes default-group-policy address-pool ! tunnel-group webvpn-attributes group-alias