I’ve assigned the first pool to the first tunnel group and the second pool to the second. This creates two tunnel groups called ANYCONN_1 and ANYCONN_2. Tunnel-group ANYCONN_2 type general-attributes Tunnel-group ANYCONN_2 type remote-access Tunnel-group ANYCONN_1 type general-attributes Tunnel-group ANYCONN_1 type remote-access I’ll create two such groups for reasons I’ll explain later. I defined two pools here because I plan to have multiple tunnel groups later. It’s just used on the inside of the network after the remote user’s traffic has passed through the ASA. It has nothing to do with the user’s public IP address or any address they might have inside their home network. This is the address that will appear inside the corporate network for this user. When users connect their VPN, they’ll need an IP address for the VPN session. It’s accessed through the ASA interface that I called “INSIDE” in the interface configuration. This configuration fragment says that I have a RADIUS server inside my network with IP address 10.10.1.1, which I refer to by the tag “MYRADIUS” in the ASA configuration. The configuration is similar: !Īaa-server MYRADIUS (INSIDE) host 10.10.1.1 My preference is to use RADIUS for authentication and authorization, but there are other options such as LDAP. The first thing to configure is AAA authentication. The process itself is quite simple, though, so let’s go through the steps you’ll need to configure Cisco An圜onnect for your VPN. Unfortunately, the documentation from Cisco is extremely confusing, and I’ve seen a lot of organizations that do it wrong (by which I mean insecurely).
Because the world continues to work from home this year, I’ve had to configure Cisco An圜onnect VPNs on ASA firewalls for clients a few times.
0 kommentar(er)
