Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
Configuring AnyConnect VPN Connections
- DTLS Port—The port to enable DTLS for SSL connections. The range is 1-65535. The default is port 443.
- IPsec Client Services Port—The port to enable client services for IKEv2 connections. The range is 1-65535. The default is port 443.
Setting the Basic Attributes for an AnyConnect VPN Connection
To set the basic attributes for an AnyConnect VPN connection, choose Add or Edit in the AnyConnect
Connection Profiles section. The Add (or Edit) AnyConnect Connection Profile > Basic dialog box
opens.
Fields
Set the attributes in the Add AnyConnect Connection Profile > Basic dialog box as follows:
- Name—For Add, specify the name of the connection profile you are adding. For Edit, this field is not editable.
- Aliases—(Optional) Enter one or more alternative names for the connection. You can use spaces or punctuation to separate the names.
- Authentication—Choose one of the following methods to use to authenticate the connection and specify a AAA server group to use in authentication.
  - AAA, Certificate, or Both—Select the type of authentication to use: AAA, Certificate, or Both. If you choose either Certificate or Both, the user must provide a certificate in order to connect.
  - AAA Server Group—Choose a AAA server group from the drop-down list. The default setting is LOCAL, which specifies that the ASA handles the authentication. Before making a selection, you can click Manage to open a dialog box over this dialog box to view or make changes to the ASA configuration of AAA server groups. Choosing something other than LOCAL makes available the Use LOCAL if Server Group Fails check box.
  - Use LOCAL if Server Group fails—Check to enable the use of the LOCAL database if the group specified by the Authentication Server Group attribute fails.
- Client Address Assignment—Select the DHCP servers, client address pools, and client IPv6 address pools to use.
  - DHCP Servers—Enter the name or IP address of a DHCP server to use.
  - Client Address Pools—Enter the pool name of an available, configured pool of IP addresses to use for client address assignment. Before making a selection, you can click Select to open a dialog box over this dialog box to view or make changes to the address pools.
  - Client IPv6 Address Pools—Enter the pool name of an available, configured pool of IPv6 addresses to use for client address assignment. Before making a selection, you can click Select to open a dialog box over this dialog box to view or make changes to the address pools.
- Default Group Policy—Select the group policy to use.
  - Group Policy—Select the VPN group policy that you want to assign as the default group policy for this connection. A VPN group policy is a collection of user-oriented attribute-value pairs that can be stored internally on the device or externally on a RADIUS server. The default value is DfltGrpPolicy. You can click Manage to open a dialog box over this one to make changes to the group policy configuration.
  - Enable SSL VPN client protocol—Check to enable SSL for this VPN connection.
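
An added example, not part of the Cisco guide: a short Python audit that reads connection profiles in ASA CLI form and reports the authentication, LOCAL fallback, and default group policy settings described above. The mapping of these ASDM fields to `tunnel-group` commands, the AAA-only default for the authentication method, and the sample configuration with every name in it are assumptions supplied here, not taken from this page.

```python
# Constructed sample in ASA CLI form (not from the guide or a real device).
SAMPLE_CONFIG = """\
tunnel-group Employees type remote-access
tunnel-group Employees general-attributes
 address-pool VPN-POOL
 authentication-server-group RADIUS-GRP LOCAL
 default-group-policy GP-Employees
tunnel-group Employees webvpn-attributes
 authentication aaa certificate
 group-alias staff enable
tunnel-group Contractors type remote-access
tunnel-group Contractors general-attributes
 address-pool VPN-POOL
tunnel-group Contractors webvpn-attributes
 group-alias contractors enable
"""

def new_profile():
    # LOCAL and DfltGrpPolicy are the defaults the page states; AAA-only is assumed.
    return {"auth": {"aaa"}, "server_group": "LOCAL", "local_fallback": False,
            "group_policy": "DfltGrpPolicy", "aliases": []}

def parse_profiles(config):
    """Collect per-profile settings from tunnel-group blocks."""
    profiles, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):  # top-level command opens or closes a block
            is_tg = words[0] == "tunnel-group" and len(words) >= 3
            current = profiles.setdefault(words[1], new_profile()) if is_tg else None
        elif current is None or len(words) < 2:
            continue
        elif words[0] == "authentication-server-group":
            args = [w for w in words[1:] if not w.startswith("(")]  # skip (interface)
            current["server_group"] = args[0]
            current["local_fallback"] = args[0] != "LOCAL" and "LOCAL" in args[1:]
        elif words[0] == "authentication":
            current["auth"] = set(words[1:])
        elif words[0] == "default-group-policy":
            current["group_policy"] = words[1]
        elif words[0] == "group-alias":
            current["aliases"].append(words[1])
    return profiles

def review(profiles):
    """Return {profile: [settings worth a second look]}."""
    checks = [("no client certificate required", lambda p: "certificate" not in p["auth"]),
              ("users authenticate against the LOCAL database", lambda p: p["server_group"] == "LOCAL"),
              ("falls back to LOCAL if the server group fails", lambda p: p["local_fallback"]),
              ("inherits DfltGrpPolicy", lambda p: p["group_policy"] == "DfltGrpPolicy")]
    return {name: [note for note, hit in checks if hit(p)] for name, p in profiles.items()}
```

Calling `review(parse_profiles(SAMPLE_CONFIG))` returns one list of notes per connection profile; an empty list means none of the four conditions applied.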