Table of Contents


Via GUI

Clientless VPN

  1. First step is to go to the menu and click Wizards>SSL VPN Wizard...
  2. Click on the Clientless SSL VPN Access and Next
  3. Name the Profile (ex: home), Choose the newly created Certificate (Adding Self Signed Certificates to ASA), Check off Connection Group Alias/URL and add name (ex: Home), Check off Display Group Alias list at the login page, Click Next
  4. For user authetication, choose either Authentication using AAA server group, or Authenticate using local user Database. If the local, create any users required. If AAA Server Group, follow these instructions first to choose the server group.
  5. Create a new Group Policy, name accordingly (ex: HomeSSLGRPPLC )
  6. If you wish to add Bookmarks, click manage and add any details you need. I will not go into detail in this walkthrough.
  7. Click Finish
  8. Drown down Network (Client) Access, Click AnyConnect Connection Profiles
  9. Click on "Assign Certificate to Interface" below the Access and DTLS port configuration options, and make sure an SSL Certificate is chose for the outside interface.

Enable AnyConnect VPN Client

  1. Drop down Network (Client) Access, Click AnyConnect Connection Profiles
  2. Check off Enable Cisco AnyConnect VPN Client or legacy SSL VPN Client Access on the interfaces selected in the table below
  3. When prompted, choose the AnyConnect client by either uploading from your machine, or if already uploaded to flash by choosing flash.
  4. Apply, and save configuration

To test, you may enable on the inside interface to test that login to the clientless SSL page is allowing authentication, and to see if the AnyConnect Options is available for download manually.

Edit group Policy for IP Pool and AAA Authentication

 

Via CLI

 

Notes