75-21
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter75 Configuring AnyConnect VPN Client Connections
Configuration Examples for Enabling AnyConnect Connections
Configuration Examples for Enabling AnyConnect Connections
The following example shows how to configure L2TP over IPsec:
ip local pool sales_addresses 209.165.202.129-209.165.202.158
aaa-server sales_server protocol radius
crypto ipsec transform-set sales_l2tp_transform esp-3des esp-sha-hmac
crypto ipsec transform-set sales_l2tp_transform mode transport
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
l2tp tunnel hello 100
group-policy sales_policy internal
group-policy sales_policy attributes
wins-server value 209.165.201.3 209.165.201.4
dns-server value 209.165.201.1 209.165.201.2
vpn-tunnel-protocol l2tp-ipsec
tunnel-group sales_tunnel type remote-access
tunnel-group sales_tunnel general-attributes
address-pool sales_addresses
authentication-server-group none
accounting-server-group sales_server
default-group-policy sales_policy
tunnel-group sales_tunnel ppp-attributes
authentication pap
Feature History for AnyConnect Connections
Table75-1 lists the release history for this feature.
Table75-1 Feature History for AnyConnect Connections
Feature Name Releases Feature Information
AnyConnect Connections 7.2(1) The following commands were introduced or modified: authentication
eap-proxy, authentication ms-chap-v1, authentication ms-chap-v2,
authentication pap, l2tp tunnel hello, vpn-tunnel-protocol l2tp-ipsec.
IPsec IKEv2 8.4(1) IKEv2 was added to support IPsec IKEv2 connections for AnyConnect and
LAN-to-LAN.