75-18
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter75 Configuring AnyConnect VPN Client Connections
Configuring AnyConnect Connections
hostname(config)# group-policy telecommuters attributes
hostname(config-group-policy)# webvpn
hostname(config-group-webvpn)# vpn-idle-timeout 10
hostname(config-group-webvpn)# default-idle-timeout 1200
Updating AnyConnect Client Images
You can update the client images on the ASA at any time using the following procedure:
Step1 Copy the new client images to the ASA using the copy command from privileged EXEC mode, or using
another method.
Step2 If the new clientt image files have the same filenames as the files already loaded, reenter the anyconnect
image command that is in the configuration. If the new filenames are different, uninstall the old files
using the noanyconnect image command. Then use the anyconnect image comman d to a ssign an ord er
to the images and cause the ASA to load the new images.
Enabling IPv6 VPN Access
If you want to configure IPv6 access, you must use the command-line interface to configure IPv6;
ASDM does not support IPv6.
Note The ASA does not support IPv6 over IPsec IKEv2 VPN sessions.
You enable IPv6 access using the ipv6 enable command as part of enabling SSL VPN connections. The
following is an example for an IPv6 connection that enables IPv6 on the outside interface:
hostname(config)# interface GigabitEthernet0/0
hostname(config-if)# ipv6 enable
To enable IPV6 SSL VPN, do the following general actions:
1. Enable IPv6 on the outside interface.
2. Enable IPv6 and an IPv6 address on the inside interface.
3. Configure an IPv6 address local pool for client assigned IP Addresses.
4. Configure an IPv6 tunnel default gateway.
To implement this procedure, do the following steps:
Step1 Configure Interfaces:
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 192.168.0.1 255.255.255.0
ipv6 enable ; Needed for IPv6.
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.0.1 255.255.0.0
ipv6 address 2001:DB8::1/32 ; Needed for IPv6.
ipv6 enable ; Needed for IPv6.