Cisco AnyConnect Secure Mobility Client is a user-friendly application that creates a VPN tunnel to the VPN headend. By default AnyConnect uses SSL to encrypt packets (it can also use IKEv2/IPsec).
1. Configuring the Cisco AnyConnect image definition:
webvpn
 enable outside
 anyconnect-essentials
 anyconnect image disk0:/anyconnect-win-4.2.02075-pre-deploy-k9.pkg 1
 anyconnect image disk0:/anyconnect-macosx-i386-4.2.02075-pre-deploy-k9.pkg 2
 anyconnect enable
 tunnel-group-list enable
2. Creating a local pool for IP addressing of AnyConnect clients:
ip local pool VPNPOOL 172.21.0.1-172.21.0.254 mask 255.255.255.0
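3. Configuring NAT exemption to exclude VPN traffic from translation (BB and VPN are network objects that must already exist; they are not defined on this page):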
nat (inside,outside) source static BB BB destination static VPN VPN
4. Configuring the group policy definition for use in the tunnel group (VPNSPLIT is the split-tunnel access list; it is not defined on this page):
group-policy admin internal
group-policy admin attributes
 banner value VPN USERS!
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPNSPLIT
 default-domain value aviumssoltions.com
 split-tunnel-all-dns disable
 address-pools value VPNPOOL
 webvpn
  anyconnect ask enable
5. Creating the tunnel group definition:
tunnel-group admin type remote-access
tunnel-group admin general-attributes
 default-group-policy admin
tunnel-group admin webvpn-attributes
 group-alias admin enable
For quick troubleshooting:
show vpn-sessiondb anyconnect