4-3
Cisco AnyConnect VPN Client Administrator Guide
OL-12950-012
Chapter 4 Installing the AnyConnect Client on a Security Appliance Using CLI
Enabling AnyConnect Client SSL VPN Connections Using CLI
ip local pool poolname startaddr-endaddr mask mask
The following example creates the lo
cal IP address pool vpn_users:
hostname(config)# ip local pool vpn_users 209.165.200.225-209.165.200.254
mask 255.255.255.224
Step 5 Assign IP addresses to a tunnel group. One method you can use to do this is to assign a local IP address
pool with the address-pool command from general-attributes mode:
address-pool p
oolname
To do this, first enter the tunnel-gr
oup name general-attributes command to enter general-attributes
mode. Then specify the local IP address pool using the address-pool command.
In the following example, the user configures the existing tunnel group t
elecommuters to use the address
pool vpn_users created in step 3:
hostname(config)# tunnel-group telecommuters general-attributes
hostname(config-tunnel-general)# a
ddress-pool vpn_users
Step 6 Assign a default group policy to the tunnel group with the default-group-policy command from tunnel
group general attributes mode:
default-group-policy na
me
In the following example, the user assigns the group policy sales to
the tunnel group telecommuters:
hostname(config-tunnel-general)# default-group-policy sales
Step 7 Create and enable a group alias that displays in the group list on the WebVPN Login page using the
group-alias command from tunnel group webvpn attributes mode:
group-alias na
me enable
First exit to global configuration mode, and then enter the tunnel-
group name webvpn-attributes
command to enter tunnel group webvpn attributes mode.
In the following example, the user enters webvpn att
ributes configuration mode for the tunnel group
telecommuters, and creates the group alias sales_department:
hostname(config)# tunnel-group telecommuters webvpn-attributes
hostname(config-tunnel-webvpn)# gr
oup-alias sales_department enable
Step 8 Enable the display of the tunnel-group list on the WebVPN Login page from webvpn mode:
tunnel-group-list enable
First exit to global configuration mode, and then enter webvpn mode.
In the following example, the user enters webvpn mo
de, and then enables the tunnel group list:
hostname(config)# webvpn
hostname(config-webvpn)# tunnel-gr
oup-list enable
Step 9 Specify SSL as a permitted VPN tunneling protocol for the group or user with the vpn-tunnel-protocol
svc command in group-policy mode or username mode:
vpn-tunnel-protocol svc
You can also specify other protocols to permit by addi
ng the names of those protocols to this command.
For more information about the vpn-tunnel-protocol command, see the command description in Cisco
Security Appliance Command Reference.
To Next Page
Loading...
Need help?
General