My backup solution is fairly simple as I use robocopy to mirror my local backup to my remote backup server. I have set the robocopy script to run through Task Scheduler in Windows.
I did not want my backup server to have any connection to the network it was physically connected to. So split-tunneling was not an option.
I found a couple of sources that I used. One over at Tech 21 Century, witch i practically followed most of the way, and the the other over at Cisco for the internet access part.
Requirements
A TFTP server
The AnyConnect client software for your OS. Can be downloaded from here
In this example
The local network is: 10.1.1.0
The VPN network is: 192.168.10.0
Downloaded client software file: anyconnect-win-2.5.3055-k9.pkg
Cisco ASA Software Version 8.2(3)
Hardware: ASA5505
AD Domain FQDN: yourdomain.local
Here is the entire configuration I used: (don't copy paste the entire code on to your ASA, I recommend that you copy a line at the time)
copy tftp flash:
cisco/anyconnect-win-2.5.3055-k9.pkg
conf t
webvpn
svc image disk0:/anyconnect-win-2.5.3055-k9.pkg 1
enable outside
svc enable
exit
ip local pool SSLClientPool 192.168.10.1-192.168.10.50 mask 255.255.255.0
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NONAT
username user1 password YourPassword
username user1 attributes
service-type remote-access
exit
group-policy SSLCLientPolicy internal
group-policy SSLCLientPolicy attributes
dns-server value 10.1.1.201
default-domain value yourdomain.local
vpn-tunnel-protocol svc
address-pools value SSLClientPool
exit
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy SSLCLientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
webvpn
tunnel-group-list enable
exit
conf t
same-security-traffic permit intra-interface
group-policy SSLCLientPolicy attributes
split-tunnel-policy tunnelall
webvpn
svc ask none default svc
svc keep-installer installed
svc rekey time 30
svc rekey method ssl
exit
exit
aaa local authentication attempts max-fail 16
nat (outside) 1 192.168.10.0 255.255.255.0
That's it :)Notes
default-domain value yourdomain.local
This is not nessasary if you dont have a domain. This is so you can access netbios names on your domain.
conf t
same-security-traffic permit intra-interface
group-policy SSLCLientPolicy attributes
split-tunnel-policy tunnelall
webvpn
svc ask none default svc
svc keep-installer installed
svc rekey time 30
svc rekey method ssl
exit
exit
aaa local authentication attempts max-fail 16
nat (outside) 1 192.168.10.0 255.255.255.0
This is the part of the configuration where you enable access to the internet. If you are okay with split-tunneling, which uses the internet on the network where your client are connected, check out the article from Tech 21 Century below.Sources
Tech 21 Century
Title: How To Configure AnyConnect SSL VPN on Cisco ASA 5500
URL: http://www.tech21century.com/how-to-configure-anyconnect-ssl-vpn-on-cisco-asa-5500/
Cisco
Title: ASA 8.x: AnyConnect VPN Client for Public Internet VPN on a Stick Configuration Example
URL: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080972e4f.shtml
 
No comments:
Post a Comment