29-14
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Creating SSL VPNs Using the Remote Access VPN Configuration Wizard (ASA
Devices)
This procedure describes how to create or edit SSL VPNs on ASA devices using the Remote Access SSL
VPN Configuration Wizard.
Related Topics
Understanding Remote Access SSL VPNs, page 29-2
Understanding Devices Supported by Each Remote Access VPN Technology, page 29-8
Step 1 In Device view, select the desired ASA device.
Step 2 From the Policy selector, select Remote Access VPN > Configuration Wizard.
Step 3 Select the Remote Access SSL VPN radio button.
Step 4 Click Remote Access Configuration Wizard. The Access page opens. For a description of the elements
on this page, see SSL VPN Configuration Wizard—Access Page (ASA), page29-15.
Step 5 Specify the interfaces on which you want to enable the SSL VPN connections. Click Select to select an
interface or an interface role object that identifies the interfaces.
Step 6 Specify the port number you want to use for the SSL VPN sessions. Enter the port number or the name
of a port list object that defines the number, or click Select to select the object or to create a new object.
The default port is 443, for HTTPS traffic. The port number can be 443, or within the range of
1024-65535. If you change the port number, all current SSL VPN connections terminate, and current
users must reconnect.
Note If HTTP port redirection is enabled, the default HTTP port number is 80.
Step 7 To allow users to select a tunnel group from a list of tunnel group connection profiles configured on the
device at login, select the Allow Users to Select Connection Profile in Portal Page option.
Step 8 To allow users to use the AnyConnect VPN client to connect to the SSL VPN, select the Enable
AnyConnect Access check box.
Step 9 Click Next. The Connection Profile page opens. For a description of the elements on this page, see SSL
VPN Configuration Wizard—Connection Profile Page (ASA), page29-16.
Step 10 In Connection Profile Name, enter the name of the connection profile. This is the name of the tunnel
group, and will appear in the Remote Access VPN > Connection Profiles policy. For more information
about the connection profile policy, see Configuring Connection Profiles (ASA, PIX 7.0+), page 30-6.
Step 11 On the Connection Profile page, configure these options that will later appear in the General tab of the
connection profile (see General Tab (Connection Profiles), page30-9):
Group Policy—Enter the name of the ASA Group Policy policy object that will be the default group
for the connection profile, or click Select to select the object. If the required object does not yet
exist, click Select, then click the Create (+) button in the ASA User Groups Selector dialog box,
which opens a wizard to guide you through the creation process as described in Creating User
Groups with the Create Group Policy Wizard, page29-19.
For more information about ASA Group Policies objects, see ASA Group Policies Dialog Box,
page 33-1.