Quick config: SSL VPN on Cisco IOS via CLI
Platform: CISCO2921 IOS version: 15.3(3)M5
Copy the AnyConnect package to the router's flash, then install it as the AnyConnect client package (be patient, this may take a while...):
crypto vpn anyconnect flash0:/webvpn/anyconnect-win-4.1.04011-k9.pkg sequence 1
SSLVPN Package SSL-VPN-Client (seq:1): installed successfully
Create a virtual template, that's the interface the VPN clients will attach to:
interface Virtual-Template1
 ip address 172.31.255.254 255.255.255.0
Create a local pool to assign IP addresses to VPN clients:
ip local pool SSLVPN_POOL 172.31.255.1 172.31.255.100
Enable HTTPS on the router:
ip http secure-server
Get the name of the trustpoint:
sh run | i crypto.*trustpoint
In this example we use local authentication for VPN clients:
aaa authentication login default local
Now configure webvpn. Custom names are shown in UPPERCASE:
webvpn gateway GATEWAY_NAME
 ! PUBLIC IP ADDRESS OF THE VPN GATEWAY
 ip address X.X.X.X port 443
 http-redirect port 80
 ssl trustpoint TRUSTPOINT_NAME
 inservice
!
webvpn context SSLVPN
 virtual-template 1
 aaa authentication list default
 gateway GATEWAY_NAME
 !
 ssl authenticate verify all
 inservice
 !
 policy group SSLVPN_GRP
  functions svc-enabled
  functions svc-required
  svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
  ! LOCAL NETWORK TO INCLUDE IN SPLIT TUNNEL
  svc split include 10.153.0.0 255.255.224.0
 default-group-policy SSLVPN_GRP
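The custom names have to match everywhere they are reused, and the client pool has to fit the Virtual-Template subnet without covering the router's own address. The following Python check is an added example, not part of the original post: it reads a saved running-config and reports references that do not resolve. SAMPLE is constructed from the placeholder names above, and audit is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample in "show running-config" layout, using the page's placeholder names.
SAMPLE = """\
interface Virtual-Template1
 ip address 172.31.255.254 255.255.255.0
ip local pool SSLVPN_POOL 172.31.255.1 172.31.255.100
aaa authentication login default local
webvpn gateway GATEWAY_NAME
 ssl trustpoint TRUSTPOINT_NAME
webvpn context SSLVPN
 virtual-template 1
 aaa authentication list default
 gateway GATEWAY_NAME
 policy group SSLVPN_GRP
  svc address-pool "SSLVPN_POOL" netmask 255.255.255.0
 default-group-policy SSLVPN_GRP
"""

def audit(config):
    """Hypothetical helper: return findings; an empty list means every reference resolves."""
    findings = []
    def find(pattern):
        return re.findall(pattern, config, re.M)
    def need(kind, used, defined):
        for name in used:
            if name not in defined:
                findings.append(f"{kind} {name} is referenced but not defined")
    pools = {n: (ipaddress.ip_address(a), ipaddress.ip_address(b))
             for n, a, b in find(r"^ip local pool (\S+) (\S+) (\S+)")}
    templates = {n: ipaddress.ip_interface(f"{ip}/{mask}") for n, ip, mask in find(
        r"^interface Virtual-Template(\d+)\n(?:[ \t]+.*\n)*?[ \t]+ip address (\S+) (\S+)")}
    need("gateway", find(r"^[ \t]+gateway (\S+)"), find(r"^webvpn gateway (\S+)"))
    need("policy group", find(r"^[ \t]+default-group-policy (\S+)"),
         find(r"^[ \t]+policy group (\S+)"))
    need("address pool", find(r'^[ \t]+svc address-pool "?([^"\s]+)'), pools)
    need("AAA login list", find(r"^[ \t]+aaa authentication list (\S+)"),
         find(r"^aaa authentication login (\S+)"))
    need("Virtual-Template", find(r"^[ \t]+virtual-template (\d+)"), templates)
    # Client addresses must sit in a template subnet and never include the router's own address.
    for name, (first, last) in pools.items():
        homes = [t for t in templates.values() if first in t.network and last in t.network]
        if not homes:
            findings.append(f"pool {name} is outside every Virtual-Template subnet")
        if any(first <= t.ip <= last for t in homes):
            findings.append(f"pool {name} contains the Virtual-Template address")
    return findings
```

The regular expressions expect the indentation that show running-config produces, so run it on saved router output rather than on a hand-typed paste.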
Now connect the VPN client:
What we see on the router:
Enjoy.