Configuring SSL VPN on a Cisco ASA 5510

Lately I’m busy with installing Cisco ASA’s and in particular 5510 ASA’s now I’m configuring also ssl vpn clients ( anyconnect ) on these Cisco ASA’s. Below I wanted to share an easy setup and working methode of a SSL VPN situation.

Example of below is based on ASA software 8.3 and asdm 6.3

Step 1:  ( create names for networks )

name < network address > wpn_<name>
Step 2: ( ensure you can circulate traffic between networks )
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Step 3: ( ensure a Split Tunnel Access-list )
access-list remote_splitTunnelAcl standard permit < network address > < subnet address >
Step 4: ( create a network group )
object network WPN_<name>
subnet < network address > < subnet address >
Step 5: ( ensure a No Nat access-list )
access-list acl_NONAT_out extended permit ip object <Local network object group > object  < wpn object group>
Step 6: ( create a ip local pool for the sslvpn )
ip local pool WebVPNPool <network address.100-<network address>.200 mask <subnet address>
Step 7: ( create a nat entry )
nat (inside,any) source static Local-LAN Local-LAN destination static WPN_<name> WPN_<name>
Step 8: ( create a radius connection if you use radius )
aaa-server <servername>  protocol radius
aaa-server <servername> (inside) host < ip address server >
timeout 5
key <keyname>
Step 9: ( Webvpn configuration ( ensure you upload the correct/latest anyconnect software ) )
enable outside
svc image disk0:/anyconnect-win-2.5.0217-k9.pkg 3
svc image disk0:/anyconnect-macosx-i386-2.5.0217-k9.pkg 4
svc enable
tunnel-group-list enable
group-policy WebVPNPolicy internal
group-policy WebVPNPolicy attributes
dns-server value <dns server >
vpn-tunnel-protocol svc
group-lock value WebVPNAccessProfile
split-tunnel-policy tunnelspecified
split-tunnel-network-list value remote_splitTunnelAcl
default-domain value <domainname>.local
address-pools value WebVPNPool
svc ask none default svc
hidden-shares none
file-entry disable
file-browsing disable
url-entry disable
Step 10: ( create tunnel-groups )
tunnel-group WebVPNAccessProfile type remote-access
tunnel-group WebVPNAccessProfile general-attributes
authentication-server-group <radius groupname > LOCAL
default-group-policy WebVPNPolicy
tunnel-group WebVPNAccessProfile webvpn-attributes
group-alias WebVPN enable

2 thoughts on “Configuring SSL VPN on a Cisco ASA 5510

  1. Pingback: Configuring SSL VPN on a Cisco ASA 5510 « Glazenbakjes Weblog « Chicago Mac/PC Support

  2. This is great information , thank you, I am new to ASA5510 configuration and i will appreciated if you can provide me with sample congiuration of the ASA5510,

    if you accept iw ill send my my ASA5510 congiuration, i need two cleints coputers from out side to access only two servers from the insdie, can this be doneon the firewall ASA5510. Thank you

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s