Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Connections
IPsec (IKEv2) Access:
Allow Access—Check to enable IPsec (IKEv2) VPN access on the interface.
Enable Client Services—Check to enable client services for IKEv2 connections on the
interface. Client services include enhanced AnyConnect features such as software updates,
client profiles, GUI localization (translation) and customization, Cisco Secure Desktop, and
SCEP proxy. If you disable client services, the AnyConnect client still establishes basic IPsec
connections with IKEv2.
Login Page Setting—Allow the user to select a connection profile, identified by its alias, on the login
page. If you do not check this check box, the default connection profile is DefaultWebVPNGroup.
Connection Profiles—Configure protocol-specific attributes for connections (tunnel groups).
Add/Edit—Click to Add or Edit a Connection Profile (tunnel group).
Name—The name of the Connection Profile.
Aliases—Other names by which the Connection Profile is known.
SSL VPN Client Protocol—Specifies whether SSL VPN clients have access.
Group Policy—Shows the default group policy for this Connection Profile.
Allow user to select connection, identified by alias in the table above, at login page—Check to
enable the display of Connection Profile (tunnel group) aliases on the Login page.
Let group URL take precedence if group URL and certificate map match different connection
profiles. Otherwise, the connection profile matches the certificate map will be used.—This option
specifies the relative preference of the group URL and certificate values during the connection
profile selection process. If the ASA fails to match the preferred value, it chooses the connection
profile that matches the other value. Check this option only if you want to rely on the preference
used by many older ASA software releases to match the group URL specified by the VPN endpoint
to the connection profile that specifies the same group URL. This option is unchecked by default. If
it is unchecked, the ASA prefers to match the certificate field value specified in the connection
profile to the field value of the certificate used by the endpoint to assign the connection profile.
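
The selection preference described above decides which connection profile, and therefore which group policy, an endpoint receives when its group URL and its certificate point at different profiles. The following is an added example, not Cisco code: a simplified Python model for auditing that behavior. The profile names, URLs, and certificate values are constructed, the certificate map is reduced to exact field/value pairs, and falling back to DefaultWebVPNGroup when nothing matches is an assumption of the model.

```python
from dataclasses import dataclass, field

DEFAULT_PROFILE = "DefaultWebVPNGroup"  # default profile name given on this page

@dataclass
class ConnectionProfile:
    name: str
    group_urls: set = field(default_factory=set)
    # Simplification: a certificate map is modelled as required field/value pairs.
    cert_rule: dict = field(default_factory=dict)

def match_group_url(profiles, url):
    """Return the profile whose group URL equals the URL sent by the endpoint."""
    for p in profiles:
        if url is not None and url in p.group_urls:
            return p.name
    return None

def match_cert_map(profiles, cert_fields):
    """Return the profile whose certificate rule matches the endpoint certificate."""
    for p in profiles:
        if p.cert_rule and all(cert_fields.get(k) == v for k, v in p.cert_rule.items()):
            return p.name
    return None

def select_profile(profiles, url, cert_fields, group_url_precedence=False):
    """Apply the preference: certificate first by default, group URL first if checked.
    If the preferred value fails to match, the other value is used."""
    by_url = match_group_url(profiles, url)
    by_cert = match_cert_map(profiles, cert_fields or {})
    preferred, other = (by_url, by_cert) if group_url_precedence else (by_cert, by_url)
    # Assumption of this model: no match at all lands in the default profile.
    return preferred or other or DEFAULT_PROFILE

# Constructed sample profiles (hypothetical names, URLs and certificate values).
PROFILES = [
    ConnectionProfile("Employees", {"https://vpn.example.com/employees"}, {"OU": "Staff"}),
    ConnectionProfile("Contractors", {"https://vpn.example.com/contractors"}, {"OU": "Vendors"}),
]

def audit(url, cert_fields):
    """Show the profile chosen under each setting and flag when they diverge."""
    unchecked = select_profile(PROFILES, url, cert_fields, False)
    checked = select_profile(PROFILES, url, cert_fields, True)
    return {"unchecked": unchecked, "checked": checked, "diverges": unchecked != checked}

if __name__ == "__main__":
    # Endpoint holds a Vendors certificate but requests the Employees group URL.
    print(audit("https://vpn.example.com/employees", {"OU": "Vendors"}))
```

A diverging result marks an endpoint whose assigned group policy changes with this check box, which is worth reviewing before enabling the legacy preference.
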
Modes
The following table shows the modes in which this feature is available:

Firewall Mode              Security Context
Routed    Transparent      Single    Multiple
                                     Context    System
——

Configuring Port Settings
Configure port numbers for SSL and IPsec (IKEv2) connections in this window:
Fields
SSL Ports:
HTTPS Port—The port to enable HTTPS for clientless (browser-based) SSL connections. The
range is 1-65535. The default is port 443.